libmongocrypt-helper 1.12.0.0.1001 → 1.14.0.0.1001

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (648) hide show
  1. checksums.yaml +4 -4
  2. data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md +27 -0
  3. data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt +15 -1
  4. data/ext/libmongocrypt/libmongocrypt/CODEOWNERS +3 -3
  5. data/ext/libmongocrypt/libmongocrypt/CONTRIBUTING.md +14 -0
  6. data/ext/libmongocrypt/libmongocrypt/Earthfile +50 -50
  7. data/ext/libmongocrypt/libmongocrypt/README.md +8 -17
  8. data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst +13 -0
  9. data/ext/libmongocrypt/libmongocrypt/bindings/python/CONTRIBUTING.md +34 -0
  10. data/ext/libmongocrypt/libmongocrypt/bindings/python/README.rst +1 -1
  11. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/state_machine.py +6 -2
  12. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py +57 -3
  13. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py +40 -0
  14. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/options.py +14 -0
  15. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/state_machine.py +6 -2
  16. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py +1 -1
  17. data/ext/libmongocrypt/libmongocrypt/bindings/python/sbom.json +8 -8
  18. data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/libmongocrypt-version.txt +1 -0
  19. data/ext/libmongocrypt/libmongocrypt/bindings/python/{release.sh → scripts/release.sh} +9 -3
  20. data/ext/libmongocrypt/libmongocrypt/bindings/python/{synchro.py → scripts/synchro.py} +16 -9
  21. data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/synchro.sh +8 -0
  22. data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/update-version.sh +27 -0
  23. data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/update_binding.py +78 -0
  24. data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/compact/success/encrypted-field-config-map.json +0 -1
  25. data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-field-config-map.json +0 -2
  26. data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_mongocrypt.py +26 -11
  27. data/ext/libmongocrypt/libmongocrypt/cmake/FetchMongoC.cmake +4 -2
  28. data/ext/libmongocrypt/libmongocrypt/cmake/ImportBSON.cmake +3 -5
  29. data/ext/libmongocrypt/libmongocrypt/doc/releasing.md +37 -43
  30. data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version.py +39 -13
  31. data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version_selftest.sh +1 -1
  32. data/ext/libmongocrypt/libmongocrypt/etc/cyclonedx.sbom.json +9 -9
  33. data/ext/libmongocrypt/libmongocrypt/etc/format.sh +0 -2
  34. data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-in-functions.patch +158 -0
  35. data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-pragma.patch +3 -3
  36. data/ext/libmongocrypt/libmongocrypt/etc/purls.txt +1 -1
  37. data/ext/libmongocrypt/libmongocrypt/integrating.md +42 -11
  38. data/ext/libmongocrypt/libmongocrypt/kms-message/CMakeLists.txt +1 -1
  39. data/ext/libmongocrypt/libmongocrypt/kms-message/src/hexlify.c +5 -0
  40. data/ext/libmongocrypt/libmongocrypt/kms-message/src/hexlify.h +1 -1
  41. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_azure_request.c +1 -1
  42. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_crypto_windows.c +2 -2
  43. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_gcp_request.c +1 -1
  44. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer.c +4 -2
  45. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_request.c +1 -2
  46. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message.c +1 -1
  47. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message_private.h +7 -3
  48. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request.c +4 -4
  49. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_opt.c +1 -1
  50. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_str.c +2 -8
  51. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_str.h +9 -0
  52. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_response_parser.c +0 -1
  53. data/ext/libmongocrypt/libmongocrypt/kms-message/src/sort.c +7 -3
  54. data/ext/libmongocrypt/libmongocrypt/kms-message/src/sort.h +2 -0
  55. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kmip_reader_writer.c +13 -6
  56. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_assert.h +29 -11
  57. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_azure_online.c +3 -3
  58. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_gcp_online.c +4 -4
  59. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_kmip_request.c +4 -0
  60. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_kmip_response.c +3 -0
  61. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_kmip_response_parser.c +4 -0
  62. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_online_util.c +1 -1
  63. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_online_util.h +1 -1
  64. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_request.c +50 -48
  65. data/ext/libmongocrypt/libmongocrypt/src/crypto/libcrypto.c +235 -65
  66. data/ext/libmongocrypt/libmongocrypt/src/crypto/none.c +1 -1
  67. data/ext/libmongocrypt/libmongocrypt/src/csfle-markup.cpp +4 -2
  68. data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.h +2 -2
  69. data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.test.cpp +2 -2
  70. data/ext/libmongocrypt/libmongocrypt/src/mc-efc-private.h +6 -4
  71. data/ext/libmongocrypt/libmongocrypt/src/mc-efc.c +44 -12
  72. data/ext/libmongocrypt/libmongocrypt/src/mc-fle-blob-subtype-private.h +5 -1
  73. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder-private.h +89 -8
  74. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder.c +346 -131
  75. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-v2.c +6 -18
  76. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload.c +6 -18
  77. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private-v2.h +1 -1
  78. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-v2.c +25 -26
  79. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload.c +2 -1
  80. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-text-payload-private.h +122 -0
  81. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-text-payload.c +477 -0
  82. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private-v2.h +35 -3
  83. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-v2.c +193 -44
  84. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload.c +6 -18
  85. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-private-v2.h +105 -7
  86. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-v2.c +386 -74
  87. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev.c +13 -10
  88. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-uev-common.c +3 -2
  89. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds.c +7 -6
  90. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-tag-and-encrypted-metadata-block-private.h +7 -2
  91. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-tag-and-encrypted-metadata-block.c +21 -3
  92. data/ext/libmongocrypt/libmongocrypt/src/mc-optional-private.h +1 -1
  93. data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/benchmarks/build.gradle.kts → src/mc-parse-utils-private.h} +10 -11
  94. data/ext/libmongocrypt/libmongocrypt/src/mc-parse-utils.c +48 -0
  95. data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation-private.h +5 -5
  96. data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation.c +15 -20
  97. data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding-private.h +4 -6
  98. data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding.c +9 -18
  99. data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-generator.template.h +4 -5
  100. data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-private.h +5 -9
  101. data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover.c +14 -19
  102. data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts-private.h +2 -4
  103. data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts.c +109 -119
  104. data/ext/libmongocrypt/libmongocrypt/src/mc-reader-private.h +2 -2
  105. data/ext/libmongocrypt/libmongocrypt/src/mc-reader.c +4 -2
  106. data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker-private.h +123 -0
  107. data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker.c +1065 -0
  108. data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets-private.h +95 -0
  109. data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets.c +304 -0
  110. data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode-private.h +52 -0
  111. data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode.c +324 -0
  112. data/ext/libmongocrypt/libmongocrypt/src/mc-tokens-private.h +130 -2
  113. data/ext/libmongocrypt/libmongocrypt/src/mc-tokens.c +159 -3
  114. data/ext/libmongocrypt/libmongocrypt/src/mc-writer-private.h +1 -1
  115. data/ext/libmongocrypt/libmongocrypt/src/mc-writer.c +4 -2
  116. data/ext/libmongocrypt/libmongocrypt/src/mlib/error.h +1 -1
  117. data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.h +12 -1
  118. data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.test.cpp +5 -0
  119. data/ext/libmongocrypt/libmongocrypt/src/mlib/path.h +5 -5
  120. data/ext/libmongocrypt/libmongocrypt/src/mlib/path.test.c +2 -5
  121. data/ext/libmongocrypt/libmongocrypt/src/mlib/str.h +65 -58
  122. data/ext/libmongocrypt/libmongocrypt/src/mlib/str.test.c +3 -3
  123. data/ext/libmongocrypt/libmongocrypt/src/mlib/thread.h +1 -1
  124. data/ext/libmongocrypt/libmongocrypt/src/mlib/user-check.h +1 -1
  125. data/ext/libmongocrypt/libmongocrypt/src/mlib/windows-lean.h +2 -0
  126. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer-private.h +11 -0
  127. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer.c +36 -3
  128. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-collinfo-private.h +1 -1
  129. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-collinfo.c +4 -0
  130. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ciphertext-private.h +1 -1
  131. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto-private.h +4 -4
  132. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto.c +29 -25
  133. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-datakey.c +3 -2
  134. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-decrypt.c +14 -7
  135. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c +463 -900
  136. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-private.h +5 -19
  137. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-rewrap-many-datakey.c +12 -0
  138. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx.c +5 -13
  139. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-dll-private.h +19 -2
  140. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker.c +9 -9
  141. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx.c +1 -1
  142. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking-private.h +3 -4
  143. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking.c +773 -584
  144. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts-private.h +0 -6
  145. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts.c +0 -1
  146. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-private.h +8 -13
  147. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-traverse-util.c +1 -1
  148. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util.c +7 -2
  149. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.c +53 -40
  150. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.h +17 -0
  151. data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_dll.c +5 -1
  152. data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_mutex.c +1 -1
  153. data/ext/libmongocrypt/libmongocrypt/src/os_win/os_dll.c +3 -1
  154. data/ext/libmongocrypt/libmongocrypt/src/os_win/os_mutex.c +1 -1
  155. data/ext/libmongocrypt/libmongocrypt/src/unicode/case-fold-map.c +1434 -0
  156. data/ext/libmongocrypt/libmongocrypt/src/unicode/diacritic-fold-map.c +2884 -0
  157. data/ext/libmongocrypt/libmongocrypt/src/unicode/fold.c +139 -0
  158. data/ext/libmongocrypt/libmongocrypt/src/unicode/fold.h +58 -0
  159. data/ext/libmongocrypt/libmongocrypt/test/crypt_shared-stub.cpp +0 -14
  160. data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/payload.json +2 -2
  161. data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/missing-key-id/collinfo.json +1 -0
  162. data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/collinfo.json +1 -0
  163. data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/collinfo.json +1 -0
  164. data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/collinfo.json +1 -1
  165. data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload-range-v2.json +20 -21
  166. data/ext/libmongocrypt/libmongocrypt/test/data/compact/missing-key-id/collinfo.json +2 -2
  167. data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-fields/collinfo.json +1 -1
  168. data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/collinfo.json +1 -1
  169. data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/collinfo.json +1 -1
  170. data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-field-config-map.json +6 -2
  171. data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload-range-v2.json +20 -21
  172. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/cmd-to-mongocryptd.json +1 -2
  173. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/collinfo.json +2 -2
  174. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/encrypted-payload.json +2 -3
  175. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/mongocryptd-reply.json +1 -2
  176. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/cmd-to-mongocryptd.json +1 -2
  177. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/collinfo.json +2 -2
  178. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/encrypted-payload.json +2 -3
  179. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/mongocryptd-reply.json +1 -2
  180. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/cmd-to-mongocryptd.json +1 -2
  181. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/collinfo.json +2 -2
  182. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/mongocryptd-reply.json +1 -2
  183. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_fle1/collinfo.json +2 -1
  184. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-extraField.json +0 -1
  185. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-missingKeyId.json +0 -1
  186. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField-badVersionSet.json +23 -0
  187. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField-goodVersionSet.json +23 -0
  188. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField.json +0 -1
  189. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields-badVersionSet.json +48 -0
  190. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields-goodVersionSet.json +48 -0
  191. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields.json +47 -0
  192. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-twoFields.json +0 -1
  193. data/ext/libmongocrypt/libmongocrypt/test/data/encrypted-field-config-map.json +1 -3
  194. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1DeterministicEncryptedValue.json +8 -0
  195. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1EncryptionPlaceholder.json +8 -0
  196. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1RandomEncryptedValue.json +8 -0
  197. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2EncryptionPlaceholder.json +8 -0
  198. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2FindEqualityPayloadV2.json +8 -0
  199. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedEqualityEncryptedValue.json +8 -0
  200. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedEqualityEncryptedValueV2.json +8 -0
  201. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedRangeEncryptedValue.json +8 -0
  202. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedRangeEncryptedValueV2.json +8 -0
  203. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayload-RangeV1.json +8 -0
  204. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-explicit/insert-indexed.json → explicit-decrypt/FLE2InsertUpdatePayload.json} +1 -1
  205. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2-RangeV1.json +8 -0
  206. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2-RangeV2.json +8 -0
  207. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2.json +8 -0
  208. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2UnindexedEncryptedValue.json +8 -0
  209. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2UnindexedEncryptedValueV2.json +8 -0
  210. data/ext/libmongocrypt/libmongocrypt/test/data/find-with-encryptionInformation.json +0 -1
  211. data/ext/libmongocrypt/libmongocrypt/test/data/fle1-explain/with-csfle/collinfo.json +2 -1
  212. data/ext/libmongocrypt/libmongocrypt/test/data/fle1-explain/with-mongocryptd/collinfo.json +2 -1
  213. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-collinfo.json +26 -0
  214. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd-mongocryptd-reply.json +51 -0
  215. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd-to-mongocryptd.json +45 -0
  216. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd.json +18 -0
  217. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/int32/encrypted-field-map.json → fle2-bad-str-encode-version/bad-encrypted-field-config-map.json} +7 -12
  218. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-bad-str-encode-version}/encrypted-payload.json +4 -4
  219. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/cmd-to-mongocryptd.json +1 -2
  220. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/encrypted-field-config-map.json +1 -2
  221. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json +44 -0
  222. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/cmd.json +17 -0
  223. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-equality/encrypted-field-map.json → fle2-create-encrypted-collection/encrypted-field-config-map.json} +9 -8
  224. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/encrypted-payload.json +17 -0
  225. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/mongocryptd-reply.json +50 -0
  226. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/cmd-to-mongocryptd.json +45 -0
  227. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/mongocryptd-reply.json +51 -0
  228. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json +46 -0
  229. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd.json +18 -0
  230. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json +25 -0
  231. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-payload.json +18 -0
  232. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json +52 -0
  233. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/collinfo.json +1 -1
  234. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-field-config-map.json +0 -1
  235. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-payload-v2.json +57 -59
  236. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/mongocryptd-reply.json +63 -64
  237. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/collinfo.json +1 -1
  238. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-field-config-map.json +0 -1
  239. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-payload-v2.json +64 -66
  240. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/mongocryptd-reply.json +69 -70
  241. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/collinfo.json +1 -1
  242. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/encrypted-payload.json +1 -2
  243. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/cmd-to-mongocryptd.json +1 -2
  244. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/collinfo.json +2 -2
  245. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/encrypted-payload.json +2 -3
  246. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/mongocryptd-reply.json +1 -2
  247. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/cmd-to-mongocryptd.json +0 -1
  248. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/cmd-to-mongod.json +0 -1
  249. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/reply-from-mongocryptd.json +0 -1
  250. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/encrypted-field-map.json +1 -1
  251. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/encrypted-payload.json +6 -4
  252. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/mongocryptd-reply.json +1 -1
  253. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/encrypted-field-map.json +1 -1
  254. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/encrypted-payload.json +6 -4
  255. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/mongocryptd-reply.json +2 -2
  256. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/encrypted-field-map.json +1 -1
  257. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/encrypted-payload.json +6 -4
  258. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/mongocryptd-reply.json +1 -1
  259. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision-v2/encrypted-payload.json +14 -6
  260. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/encrypted-field-map.json +1 -1
  261. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/encrypted-payload.json +6 -4
  262. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/mongocryptd-reply.json +1 -1
  263. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/encrypted-field-map.json +1 -1
  264. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/encrypted-payload.json +6 -4
  265. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/mongocryptd-reply.json +1 -1
  266. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/encrypted-field-map.json +1 -1
  267. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/encrypted-payload.json +6 -4
  268. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/mongocryptd-reply.json +1 -1
  269. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double/encrypted-payload-v2.json +1 -1
  270. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double-precision/encrypted-payload-v2.json +1 -1
  271. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32/encrypted-payload-v2.json +1 -1
  272. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-openinterval/encrypted-payload-v2.json +1 -1
  273. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/encrypted-field-map.json +1 -1
  274. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/encrypted-payload.json +6 -4
  275. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/mongocryptd-reply.json +1 -1
  276. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-field-map.json +1 -1
  277. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-payload.json +6 -4
  278. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/mongocryptd-reply.json +1 -1
  279. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/encrypted-field-map.json +1 -1
  280. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/encrypted-payload.json +6 -4
  281. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/mongocryptd-reply.json +1 -1
  282. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision-v2/encrypted-payload.json +14 -6
  283. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/encrypted-field-map.json +1 -1
  284. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/encrypted-payload.json +6 -4
  285. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/mongocryptd-reply.json +1 -1
  286. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/encrypted-field-map.json +0 -1
  287. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/encrypted-field-map.json +1 -1
  288. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/encrypted-payload.json +3 -3
  289. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/mongocryptd-reply.json +1 -1
  290. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/encrypted-field-map.json +1 -1
  291. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/encrypted-payload.json +6 -4
  292. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/mongocryptd-reply.json +1 -1
  293. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double/encrypted-payload-v2.json +1 -1
  294. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double-precision/encrypted-payload-v2.json +1 -1
  295. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32/encrypted-payload-v2.json +1 -1
  296. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/sparsity-2/encrypted-payload-v2.json +1 -1
  297. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/cmd.json +9 -0
  298. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/double → fle2-insert-text-search}/encrypted-field-map.json +10 -9
  299. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/encrypted-payload.json +47 -0
  300. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/mongocryptd-reply.json +55 -0
  301. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/double-precision → fle2-insert-text-search-with-str-encode-version}/encrypted-field-map.json +12 -13
  302. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search-with-str-encode-version/encrypted-payload.json +47 -0
  303. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search-with-str-encode-version/mongocryptd-reply.json +55 -0
  304. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2-with-str-encode-version/cmd.json +9 -0
  305. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-v2-with-str-encode-version}/encrypted-field-map.json +2 -2
  306. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2-with-str-encode-version/encrypted-payload.json +40 -0
  307. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-v2-with-str-encode-version}/mongocryptd-reply.json +2 -2
  308. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/cmd-to-mongocryptd.json +55 -0
  309. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/cmd.json +22 -0
  310. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/encrypted-field-config-map.json +29 -0
  311. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/encrypted-payload.json +23 -0
  312. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/mongocryptd-reply.json +61 -0
  313. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json +56 -0
  314. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd.json +23 -0
  315. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json +30 -0
  316. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-payload.json +23 -0
  317. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json +62 -0
  318. data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneText.json +20 -0
  319. data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneTextLarge.json +930 -0
  320. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/cmd-to-mongocryptd.json +60 -0
  321. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/cmd.json +14 -0
  322. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/collInfo-c1.json +39 -0
  323. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/collInfo-c2.json +39 -0
  324. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-facet/cmd.json +20 -0
  325. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-mismatch/cmd.json +14 -0
  326. data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/collection-info.json → test/data/lookup/csfle-mismatch/collInfo-c1.json} +13 -11
  327. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-mismatch/collInfo-c3.json +39 -0
  328. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-nested/cmd.json +24 -0
  329. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/cmd-to-mongocryptd.json +60 -0
  330. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/cmd.json +14 -0
  331. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/schemaMap.json +40 -0
  332. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/cmd-to-mongocryptd.json +60 -0
  333. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/cmd.json +14 -0
  334. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/collInfo-c1.json +39 -0
  335. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/schemaMap.json +21 -0
  336. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/cmd-to-mongocryptd.json +34 -0
  337. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/cmd.json +14 -0
  338. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/collInfo-c1.json +39 -0
  339. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/cmd-to-mongocryptd.json +49 -0
  340. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/cmd.json +14 -0
  341. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/collInfo-c1.json +39 -0
  342. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/collInfo-c2.json +29 -0
  343. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/reply-from-mongocryptd.json +18 -0
  344. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-unionWith/cmd.json +21 -0
  345. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/cmd.json +14 -0
  346. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/collInfo-c1.json +39 -0
  347. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/collInfo-v1.json +11 -0
  348. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd-to-mongocryptd.json +65 -0
  349. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd-to-mongod.json +26 -0
  350. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd.json +19 -0
  351. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/collInfo-c1.json +39 -0
  352. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/collInfo-c2.json +39 -0
  353. data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/keys/ABCDEFAB123498761234123456789012-local-document.json → test/data/lookup/mixed/csfle/csfle/key-doc.json} +4 -4
  354. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/reply-from-mongocryptd.json +33 -0
  355. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd-to-mongocryptd.json +47 -0
  356. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd-to-mongod.json +26 -0
  357. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd.json +19 -0
  358. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/collInfo-c1.json +39 -0
  359. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/collInfo-c2.json +17 -0
  360. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/key-doc.json +30 -0
  361. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/reply-from-mongocryptd.json +33 -0
  362. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/cmd-to-mongocryptd.json +70 -0
  363. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/cmd.json +19 -0
  364. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/collInfo-c1.json +39 -0
  365. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/collInfo-c2.json +42 -0
  366. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd-to-mongocryptd.json +47 -0
  367. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd-to-mongod.json +26 -0
  368. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd.json +19 -0
  369. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/collInfo-c1.json +17 -0
  370. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/collInfo-c2.json +39 -0
  371. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/key-doc.json +30 -0
  372. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/reply-from-mongocryptd.json +33 -0
  373. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd-to-mongocryptd.json +29 -0
  374. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd-to-mongod.json +19 -0
  375. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd.json +19 -0
  376. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/collInfo-c1.json +17 -0
  377. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/collInfo-c2.json +17 -0
  378. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/reply-from-mongocryptd.json +26 -0
  379. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd-to-mongocryptd.json +53 -0
  380. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd-to-mongod.json +58 -0
  381. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd.json +19 -0
  382. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/collInfo-c1.json +17 -0
  383. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/collInfo-c2.json +42 -0
  384. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/key-doc.json +30 -0
  385. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/reply-from-mongocryptd.json +65 -0
  386. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/cmd-to-mongocryptd.json +70 -0
  387. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/cmd.json +19 -0
  388. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/collInfo-c1.json +42 -0
  389. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/collInfo-c2.json +39 -0
  390. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd-to-mongocryptd.json +53 -0
  391. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd-to-mongod.json +56 -0
  392. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd.json +19 -0
  393. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/collInfo-c1.json +42 -0
  394. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/collInfo-c2.json +17 -0
  395. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/key-doc.json +30 -0
  396. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/reply-from-mongocryptd.json +63 -0
  397. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd-to-mongocryptd.json +66 -0
  398. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd-to-mongod.json +71 -0
  399. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd.json +19 -0
  400. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/collInfo-c1.json +42 -0
  401. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/collInfo-c2.json +42 -0
  402. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/key-doc.json +30 -0
  403. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/reply-from-mongocryptd.json +78 -0
  404. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd-to-mongocryptd.json +61 -0
  405. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd-to-mongod.json +14 -0
  406. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd.json +14 -0
  407. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/collInfo-c1.json +42 -0
  408. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/collInfo-c2.json +42 -0
  409. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/reply-from-mongocryptd.json +68 -0
  410. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd-to-mongocryptd.json +66 -0
  411. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd-to-mongod.json +71 -0
  412. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd.json +19 -0
  413. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/collInfo-c1.json +42 -0
  414. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert-unindexed/encrypted-field-map.json → lookup/qe-encryptedFieldsMap/encryptedFieldsMap.json} +6 -7
  415. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/key-doc.json +30 -0
  416. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/reply-from-mongocryptd.json +78 -0
  417. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd-to-mongocryptd.json +46 -0
  418. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd-to-mongod.json +53 -0
  419. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd.json +19 -0
  420. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/collInfo-c1.json +42 -0
  421. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/key-doc.json +30 -0
  422. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/reply-from-mongocryptd.json +58 -0
  423. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd-to-mongocryptd.json +66 -0
  424. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd-to-mongod.json +75 -0
  425. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd.json +19 -0
  426. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/collInfo-c1.json +42 -0
  427. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/collInfo-c2.json +42 -0
  428. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/key-doc.json +30 -0
  429. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/reply-from-mongocryptd.json +78 -0
  430. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-create/mongocryptd-ismaster.json → mongocryptd-ismaster-17.json} +1 -1
  431. data/ext/libmongocrypt/libmongocrypt/test/data/mongocryptd-ismaster-26.json +12 -0
  432. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-encryptedFields.json +42 -0
  433. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-encryptedFields2.json +42 -0
  434. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-jsonSchema.json +43 -0
  435. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-noSchema.json +21 -0
  436. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/create-with-jsonSchema.json +24 -0
  437. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFields.json +20 -0
  438. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFields2.json +20 -0
  439. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFieldsMap.json +42 -0
  440. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/jsonSchema.json +19 -0
  441. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/jsonSchema2.json +19 -0
  442. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/schemaMap.json +40 -0
  443. data/ext/libmongocrypt/libmongocrypt/test/data/tokens/mc.json +36 -2
  444. data/ext/libmongocrypt/libmongocrypt/test/data/tokens/server.json +36 -2
  445. data/ext/libmongocrypt/libmongocrypt/test/example-state-machine.c +5 -5
  446. data/ext/libmongocrypt/libmongocrypt/test/test-dll.cpp +11 -5
  447. data/ext/libmongocrypt/libmongocrypt/test/test-gcp-auth.c +2 -2
  448. data/ext/libmongocrypt/libmongocrypt/test/test-mc-efc.c +74 -6
  449. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-encryption-placeholder.c +457 -0
  450. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-equality-payload-v2.c +20 -1
  451. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-range-payload-v2.c +2 -18
  452. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-text-payload.c +320 -0
  453. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iev-v2.c +286 -24
  454. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iev.c +1 -1
  455. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup-v2.c +24 -17
  456. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup.c +24 -1
  457. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-uev.c +2 -2
  458. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-rfds.c +10 -7
  459. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-tag-and-encrypted-metadata-block.c +36 -1
  460. data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-edge-generation.c +12 -17
  461. data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-encoding.c +58 -63
  462. data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-mincover.c +69 -85
  463. data/ext/libmongocrypt/libmongocrypt/test/test-mc-rangeopts.c +7 -22
  464. data/ext/libmongocrypt/libmongocrypt/test/test-mc-reader.c +5 -5
  465. data/ext/libmongocrypt/libmongocrypt/test/test-mc-schema-broker.c +1124 -0
  466. data/ext/libmongocrypt/libmongocrypt/test/test-mc-text-search-str-encode.c +1336 -0
  467. data/ext/libmongocrypt/libmongocrypt/test/test-mc-tokens.c +165 -37
  468. data/ext/libmongocrypt/libmongocrypt/test/test-mc-writer.c +10 -10
  469. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.c +16 -21
  470. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert.h +55 -26
  471. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-buffer.c +29 -4
  472. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache.c +5 -4
  473. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ciphertext.c +13 -13
  474. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cleanup.c +49 -55
  475. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-compact.c +64 -67
  476. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c +19 -19
  477. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.c +4 -0
  478. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto.c +41 -10
  479. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c +33 -2
  480. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c +247 -149
  481. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-encrypt.c +1342 -1229
  482. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-rewrap-many-datakey.c +28 -1
  483. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-setopt.c +50 -91
  484. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-datakey.c +1 -1
  485. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-dll.c +7 -4
  486. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-endpoint.c +1 -1
  487. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kek.c +2 -2
  488. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-key-cache.c +9 -11
  489. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-ctx.c +2 -2
  490. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-responses.c +2 -2
  491. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-local-kms.c +1 -1
  492. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-log.c +2 -2
  493. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-marking.c +1101 -161
  494. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-status.c +1 -1
  495. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.c +157 -82
  496. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.h +38 -6
  497. data/ext/libmongocrypt/libmongocrypt/test/test-named-kms-providers.c +11 -11
  498. data/ext/libmongocrypt/libmongocrypt/test/test-unicode-fold.c +101 -0
  499. data/ext/libmongocrypt/libmongocrypt/test/util/HELP.autogen +1 -1
  500. data/ext/libmongocrypt/libmongocrypt/test/util/csfle.c +1 -1
  501. data/ext/libmongocrypt/libmongocrypt/test/util/util.c +5 -5
  502. data/ext/libmongocrypt/libmongocrypt/test/util/util.h +7 -6
  503. data/lib/libmongocrypt_helper/version.rb +2 -2
  504. metadata +219 -165
  505. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/README.md +0 -36
  506. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/java/com/mongodb/crypt/benchmark/BenchmarkRunner.java +0 -217
  507. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/resources/keyDocument.json +0 -24
  508. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/build.gradle.kts +0 -354
  509. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.jar +0 -0
  510. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.properties +0 -5
  511. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew +0 -234
  512. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew.bat +0 -89
  513. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/settings.gradle.kts +0 -1
  514. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/BinaryHolder.java +0 -45
  515. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPI.java +0 -1165
  516. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPIHelper.java +0 -96
  517. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CipherCallback.java +0 -92
  518. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/DisposableMemory.java +0 -31
  519. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/JULLogger.java +0 -130
  520. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/Logger.java +0 -144
  521. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/Loggers.java +0 -50
  522. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MacCallback.java +0 -60
  523. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MessageDigestCallback.java +0 -55
  524. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoAwsKmsProviderOptions.java +0 -104
  525. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCrypt.java +0 -100
  526. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptContext.java +0 -137
  527. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptContextImpl.java +0 -164
  528. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptException.java +0 -67
  529. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptImpl.java +0 -423
  530. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptOptions.java +0 -284
  531. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCrypts.java +0 -38
  532. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoDataKeyOptions.java +0 -125
  533. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoExplicitEncryptOptions.java +0 -227
  534. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptor.java +0 -76
  535. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptorImpl.java +0 -105
  536. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoLocalKmsProviderOptions.java +0 -83
  537. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoRewrapManyDataKeyOptions.java +0 -104
  538. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SLF4JLogger.java +0 -110
  539. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SecureRandomCallback.java +0 -51
  540. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SigningRSAESPKCSCallback.java +0 -76
  541. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/package-info.java +0 -18
  542. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/jni-config.json +0 -180
  543. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/reflect-config.json +0 -134
  544. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/java/com/mongodb/crypt/capi/MongoCryptTest.java +0 -389
  545. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/command-reply.json +0 -13
  546. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/command.json +0 -6
  547. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-command-reply.json +0 -16
  548. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-command.json +0 -11
  549. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-value.json +0 -6
  550. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/encrypted-payload.json +0 -26
  551. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/key-filter.json +0 -19
  552. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/rangeopts.json +0 -14
  553. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/value-to-encrypt.json +0 -20
  554. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/json-schema.json +0 -15
  555. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-document.json +0 -36
  556. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-filter-keyAltName.json +0 -14
  557. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-filter.json +0 -19
  558. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/kms-reply.txt +0 -6
  559. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/list-collections-filter.json +0 -3
  560. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/mongocryptd-command.json +0 -22
  561. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/mongocryptd-reply.json +0 -18
  562. data/ext/libmongocrypt/libmongocrypt/bindings/python/libmongocrypt-version.txt +0 -1
  563. data/ext/libmongocrypt/libmongocrypt/bindings/python/strip_header.py +0 -50
  564. data/ext/libmongocrypt/libmongocrypt/bindings/python/update-sbom.sh +0 -14
  565. data/ext/libmongocrypt/libmongocrypt/etc/silk-create-asset-group.sh +0 -70
  566. data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd.json +0 -20
  567. data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload.json +0 -29
  568. data/ext/libmongocrypt/libmongocrypt/test/data/collection-info-no-schema.json +0 -19
  569. data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-field-config-map.json +0 -47
  570. data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload.json +0 -29
  571. data/ext/libmongocrypt/libmongocrypt/test/data/fle1-collMod/insert/cmd.json +0 -8
  572. data/ext/libmongocrypt/libmongocrypt/test/data/fle1-collMod/insert/collinfo.json +0 -9
  573. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/ismaster-to-mongocryptd.json +0 -3
  574. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-payload.json +0 -91
  575. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-payload.json +0 -98
  576. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/find-indexed-contentionFactor1.json +0 -8
  577. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-contentionFactor1.json +0 -8
  578. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-same-user-and-index-key.json +0 -8
  579. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/cmd.json +0 -6
  580. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/encrypted-payload.json +0 -41
  581. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/mongocryptd-reply.json +0 -19
  582. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/cmd.json +0 -10
  583. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/encrypted-field-map.json +0 -28
  584. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/encrypted-payload.json +0 -42
  585. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/mongocryptd-reply.json +0 -50
  586. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/cmd.json +0 -6
  587. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/encrypted-field-map.json +0 -28
  588. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/encrypted-payload.json +0 -42
  589. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/mongocryptd-reply.json +0 -50
  590. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/cmd.json +0 -6
  591. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/encrypted-field-map.json +0 -31
  592. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/encrypted-payload.json +0 -51
  593. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/mongocryptd-reply.json +0 -59
  594. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/cmd.json +0 -8
  595. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/encrypted-payload.json +0 -42
  596. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/mongocryptd-reply.json +0 -50
  597. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/cmd.json +0 -8
  598. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/encrypted-payload.json +0 -45
  599. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/mongocryptd-reply.json +0 -53
  600. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/cmd.json +0 -8
  601. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/encrypted-payload.json +0 -42
  602. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/mongocryptd-reply.json +0 -50
  603. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/cmd.json +0 -8
  604. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/encrypted-field-map.json +0 -28
  605. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/encrypted-payload.json +0 -42
  606. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/mongocryptd-reply.json +0 -50
  607. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double/encrypted-payload.json +0 -26
  608. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double-precision/encrypted-payload.json +0 -26
  609. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32/encrypted-payload.json +0 -26
  610. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-nominmax/encrypted-payload-v2.json +0 -26
  611. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-openinterval/encrypted-payload.json +0 -16
  612. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/cmd.json +0 -13
  613. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/encrypted-field-map.json +0 -28
  614. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/encrypted-payload.json +0 -45
  615. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/mongocryptd-reply.json +0 -53
  616. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/cmd.json +0 -9
  617. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/encrypted-field-map.json +0 -28
  618. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/encrypted-payload.json +0 -45
  619. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/mongocryptd-reply.json +0 -53
  620. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/cmd.json +0 -9
  621. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/encrypted-field-map.json +0 -31
  622. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/encrypted-payload.json +0 -54
  623. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/mongocryptd-reply.json +0 -62
  624. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/cmd.json +0 -11
  625. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/encrypted-field-map.json +0 -28
  626. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/encrypted-payload.json +0 -45
  627. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/mongocryptd-reply.json +0 -53
  628. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/cmd.json +0 -11
  629. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/encrypted-field-map.json +0 -31
  630. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/encrypted-payload.json +0 -48
  631. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/mongocryptd-reply.json +0 -56
  632. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/encrypted-payload.json +0 -45
  633. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/mongocryptd-reply.json +0 -53
  634. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/cmd.json +0 -11
  635. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/encrypted-field-map.json +0 -28
  636. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/encrypted-payload.json +0 -45
  637. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/mongocryptd-reply.json +0 -53
  638. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double/encrypted-payload.json +0 -8
  639. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double-precision/encrypted-payload.json +0 -8
  640. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32-nominmax/encrypted-payload-v2.json +0 -8
  641. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/sparsity-2/encrypted-payload.json +0 -8
  642. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/cmd.json +0 -9
  643. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/encrypted-payload.json +0 -14
  644. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/mongocryptd-reply.json +0 -46
  645. data/ext/libmongocrypt/libmongocrypt/test/data/schema.json +0 -19
  646. /data/ext/libmongocrypt/libmongocrypt/bindings/python/{build-manylinux-wheel.sh → scripts/build-manylinux-wheel.sh} +0 -0
  647. /data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-explicit/find-indexed.json → explicit-decrypt/FLE2FindEqualityPayload.json} +0 -0
  648. /data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-text-search-with-str-encode-version}/cmd.json +0 -0
@@ -14,12 +14,14 @@
14
14
  * limitations under the License.
15
15
  */
16
16
 
17
+ #include "bson/bson.h"
17
18
  #include "mc-fle-blob-subtype-private.h"
18
19
  #include "mc-fle2-encryption-placeholder-private.h"
19
20
  #include "mc-fle2-find-equality-payload-private-v2.h"
20
21
  #include "mc-fle2-find-equality-payload-private.h"
21
22
  #include "mc-fle2-find-range-payload-private-v2.h"
22
23
  #include "mc-fle2-find-range-payload-private.h"
24
+ #include "mc-fle2-find-text-payload-private.h"
23
25
  #include "mc-fle2-insert-update-payload-private-v2.h"
24
26
  #include "mc-fle2-insert-update-payload-private.h"
25
27
  #include "mc-fle2-payload-uev-private.h"
@@ -28,6 +30,8 @@
28
30
  #include "mc-range-edge-generation-private.h"
29
31
  #include "mc-range-encoding-private.h"
30
32
  #include "mc-range-mincover-private.h"
33
+ #include "mc-str-encode-string-sets-private.h"
34
+ #include "mc-text-search-str-encode-private.h"
31
35
  #include "mc-tokens-private.h"
32
36
  #include "mongocrypt-buffer-private.h"
33
37
  #include "mongocrypt-ciphertext-private.h"
@@ -62,7 +66,7 @@ _mongocrypt_marking_parse_fle1_placeholder(const bson_t *in, _mongocrypt_marking
62
66
  BSON_ASSERT(field);
63
67
  if (0 == strcmp("ki", field)) {
64
68
  has_ki = true;
65
- if (!_mongocrypt_buffer_from_uuid_iter(&out->key_id, &iter)) {
69
+ if (!_mongocrypt_buffer_from_uuid_iter(&out->u.fle1.key_id, &iter)) {
66
70
  CLIENT_ERR("key id must be a UUID");
67
71
  return false;
68
72
  }
@@ -82,14 +86,14 @@ _mongocrypt_marking_parse_fle1_placeholder(const bson_t *in, _mongocrypt_marking
82
86
  }
83
87
  /* CDRIVER-3100 We must make a copy of this value; the result of
84
88
  * bson_iter_value is ephemeral. */
85
- bson_value_copy(value, &out->key_alt_name);
89
+ bson_value_copy(value, &out->u.fle1.key_alt_name);
86
90
  out->type = MONGOCRYPT_MARKING_FLE1_BY_ALTNAME;
87
91
  continue;
88
92
  }
89
93
 
90
94
  if (0 == strcmp("v", field)) {
91
95
  has_v = true;
92
- memcpy(&out->v_iter, &iter, sizeof(bson_iter_t));
96
+ memcpy(&out->u.fle1.v_iter, &iter, sizeof(bson_iter_t));
93
97
  continue;
94
98
  }
95
99
 
@@ -107,7 +111,7 @@ _mongocrypt_marking_parse_fle1_placeholder(const bson_t *in, _mongocrypt_marking
107
111
  CLIENT_ERR("invalid algorithm value: %d", algorithm);
108
112
  return false;
109
113
  }
110
- out->algorithm = (mongocrypt_encryption_algorithm_t)algorithm;
114
+ out->u.fle1.algorithm = (mongocrypt_encryption_algorithm_t)algorithm;
111
115
  continue;
112
116
  }
113
117
 
@@ -144,7 +148,7 @@ _mongocrypt_marking_parse_fle2_placeholder(const bson_t *in, _mongocrypt_marking
144
148
  BSON_ASSERT_PARAM(out);
145
149
 
146
150
  out->type = MONGOCRYPT_MARKING_FLE2_ENCRYPTION;
147
- return mc_FLE2EncryptionPlaceholder_parse(&out->fle2, in, status);
151
+ return mc_FLE2EncryptionPlaceholder_parse(&out->u.fle2, in, status);
148
152
  }
149
153
 
150
154
  bool _mongocrypt_marking_parse_unowned(const _mongocrypt_buffer_t *in,
@@ -188,13 +192,13 @@ void _mongocrypt_marking_cleanup(_mongocrypt_marking_t *marking) {
188
192
  return;
189
193
  }
190
194
  if (marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION) {
191
- mc_FLE2EncryptionPlaceholder_cleanup(&marking->fle2);
195
+ mc_FLE2EncryptionPlaceholder_cleanup(&marking->u.fle2);
192
196
  return;
193
197
  }
194
198
 
195
199
  // else FLE1
196
- _mongocrypt_buffer_cleanup(&marking->key_id);
197
- bson_value_destroy(&marking->key_alt_name);
200
+ _mongocrypt_buffer_cleanup(&marking->u.fle1.key_id);
201
+ bson_value_destroy(&marking->u.fle1.key_alt_name);
198
202
  }
199
203
 
200
204
  /**
@@ -268,10 +272,139 @@ void _mongocrypt_marking_cleanup(_mongocrypt_marking_t *marking) {
268
272
 
269
273
  DERIVE_TOKEN_IMPL(EDC)
270
274
  DERIVE_TOKEN_IMPL(ESC)
271
- DERIVE_TOKEN_IMPL(ECC)
272
275
 
273
276
  #undef DERIVE_TOKEN_IMPL
274
277
 
278
+ /**
279
+ * Calculates:
280
+ * E?CToken = HMAC(collectionLevel1Token, n)
281
+ * E?CText<T>Token = HMAC(E?CToken, t)
282
+ * E?CText<T>DerivedFromDataToken = HMAC(E?CText<T>Token, v)
283
+ * E?CText<T>DerivedFromDataTokenAndContentionFactorToken = HMAC(E?CText<T>DerivedFromDataToken, cf)
284
+ *
285
+ * E?C = EDC|ESC
286
+ * n = 1 for EDC, 2 for ESC
287
+ * <T> = Exact|Substring|Suffix|Prefix
288
+ * t = 1 for Exact, 2 for Substring, 3 for Suffix, 4 for Prefix
289
+ * cf = contentionFactor
290
+ *
291
+ * If {useContentionFactor} is False, E?CText<T>DerivedFromDataToken is saved to out, and
292
+ * {contentionFactor} is ignored.
293
+ * Otherwise, E?CText<T>DerivedFromDataTokenAndContentionFactorToken is saved to out.
294
+ * Note that {out} is initialized even on failure.
295
+ */
296
+ #define DERIVE_TEXT_SEARCH_TOKEN_IMPL(Name, Type) \
297
+ static bool _fle2_derive_##Name##Text##Type##_token(_mongocrypt_crypto_t *crypto, \
298
+ _mongocrypt_buffer_t *out, \
299
+ const mc_CollectionsLevel1Token_t *level1Token, \
300
+ const _mongocrypt_buffer_t *value, \
301
+ bool useContentionFactor, \
302
+ int64_t contentionFactor, \
303
+ mongocrypt_status_t *status) { \
304
+ BSON_ASSERT_PARAM(crypto); \
305
+ BSON_ASSERT_PARAM(out); \
306
+ BSON_ASSERT_PARAM(level1Token); \
307
+ BSON_ASSERT_PARAM(value); \
308
+ \
309
+ _mongocrypt_buffer_init(out); \
310
+ \
311
+ mc_##Name##Token_t *token = mc_##Name##Token_new(crypto, level1Token, status); \
312
+ if (!token) { \
313
+ return false; \
314
+ } \
315
+ mc_##Name##Text##Type##Token_t *textToken = mc_##Name##Text##Type##Token_new(crypto, token, status); \
316
+ mc_##Name##Token_destroy(token); \
317
+ if (!textToken) { \
318
+ return false; \
319
+ } \
320
+ mc_##Name##Text##Type##DerivedFromDataToken_t *fromDataToken = \
321
+ mc_##Name##Text##Type##DerivedFromDataToken_new(crypto, textToken, value, status); \
322
+ mc_##Name##Text##Type##Token_destroy(textToken); \
323
+ if (!fromDataToken) { \
324
+ return false; \
325
+ } \
326
+ \
327
+ if (!useContentionFactor) { \
328
+ /* FindTextPayload uses *fromDataToken */ \
329
+ _mongocrypt_buffer_copy_to(mc_##Name##Text##Type##DerivedFromDataToken_get(fromDataToken), out); \
330
+ mc_##Name##Text##Type##DerivedFromDataToken_destroy(fromDataToken); \
331
+ return true; \
332
+ } \
333
+ \
334
+ BSON_ASSERT(contentionFactor >= 0); \
335
+ /* InsertUpdatePayload continues through *fromDataTokenAndContentionFactor */ \
336
+ mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_t *fromDataAndContentionFactor = \
337
+ mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_new(crypto, \
338
+ fromDataToken, \
339
+ (uint64_t)contentionFactor, \
340
+ status); \
341
+ mc_##Name##Text##Type##DerivedFromDataToken_destroy(fromDataToken); \
342
+ if (!fromDataAndContentionFactor) { \
343
+ return false; \
344
+ } \
345
+ _mongocrypt_buffer_copy_to( \
346
+ mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_get(fromDataAndContentionFactor), \
347
+ out); \
348
+ mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_destroy(fromDataAndContentionFactor); \
349
+ return true; \
350
+ }
351
+
352
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Exact)
353
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Exact)
354
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Substring)
355
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Substring)
356
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Suffix)
357
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Suffix)
358
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Prefix)
359
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Prefix)
360
+ #undef DERIVE_TEXT_SEARCH_TOKEN_IMPL
361
+
362
+ /**
363
+ * Calculates:
364
+ * ServerText<T>Token = HMAC(collectionLevel1Token, t)
365
+ * ServerText<T>DerivedFromDataToken = HMAC(ServerText<T>Token, v)
366
+ *
367
+ * <T> = Exact|Substring|Suffix|Prefix
368
+ * t = 1 for Exact, 2 for Substring, 3 for Suffix, 4 for Prefix
369
+ *
370
+ * ServerText<T>DerivedFromDataToken is saved to out.
371
+ * Note that {out} is initialized even on failure.
372
+ */
373
+ #define DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Type) \
374
+ static bool _fle2_derive_serverText##Type##DerivedFromDataToken( \
375
+ _mongocrypt_crypto_t *crypto, \
376
+ _mongocrypt_buffer_t *out, \
377
+ const mc_ServerTokenDerivationLevel1Token_t *level1Token, \
378
+ const _mongocrypt_buffer_t *value, \
379
+ mongocrypt_status_t *status) { \
380
+ BSON_ASSERT_PARAM(crypto); \
381
+ BSON_ASSERT_PARAM(out); \
382
+ BSON_ASSERT_PARAM(level1Token); \
383
+ BSON_ASSERT_PARAM(value); \
384
+ BSON_ASSERT_PARAM(status); \
385
+ \
386
+ _mongocrypt_buffer_init(out); \
387
+ mc_ServerText##Type##Token_t *token = mc_ServerText##Type##Token_new(crypto, level1Token, status); \
388
+ if (!token) { \
389
+ return false; \
390
+ } \
391
+ mc_ServerText##Type##DerivedFromDataToken_t *dataToken = \
392
+ mc_ServerText##Type##DerivedFromDataToken_new(crypto, token, value, status); \
393
+ mc_ServerText##Type##Token_destroy(token); \
394
+ if (!dataToken) { \
395
+ return false; \
396
+ } \
397
+ _mongocrypt_buffer_copy_to(mc_ServerText##Type##DerivedFromDataToken_get(dataToken), out); \
398
+ mc_ServerText##Type##DerivedFromDataToken_destroy(dataToken); \
399
+ return true; \
400
+ }
401
+
402
+ DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Exact)
403
+ DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Substring)
404
+ DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Suffix)
405
+ DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Prefix)
406
+ #undef DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL
407
+
275
408
  static bool _fle2_derive_serverDerivedFromDataToken(_mongocrypt_crypto_t *crypto,
276
409
  _mongocrypt_buffer_t *out,
277
410
  const mc_ServerTokenDerivationLevel1Token_t *level1Token,
@@ -381,7 +514,7 @@ static bool _fle2_placeholder_aes_aead_encrypt(_mongocrypt_key_broker_t *kb,
381
514
  // Range V2: p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor || isLeaf)
382
515
  static bool _fle2_derive_encrypted_token(_mongocrypt_crypto_t *crypto,
383
516
  _mongocrypt_buffer_t *out,
384
- bool use_range_v2,
517
+ bool concatentate_leaf,
385
518
  const mc_CollectionsLevel1Token_t *collectionsLevel1Token,
386
519
  const _mongocrypt_buffer_t *escDerivedToken,
387
520
  const _mongocrypt_buffer_t *eccDerivedToken,
@@ -398,7 +531,7 @@ static bool _fle2_derive_encrypted_token(_mongocrypt_crypto_t *crypto,
398
531
  const _mongocrypt_buffer_t *p = &tmp;
399
532
  if (!eccDerivedToken) {
400
533
  // FLE2v2
401
- if (use_range_v2 && is_leaf.set) {
534
+ if (concatentate_leaf && is_leaf.set) {
402
535
  // Range V2; concat isLeaf
403
536
  _mongocrypt_buffer_t isLeafBuf;
404
537
  if (!_mongocrypt_buffer_copy_from_data_and_size(&isLeafBuf, (uint8_t[]){is_leaf.value}, 1)) {
@@ -483,7 +616,7 @@ static bool _get_tokenKey(_mongocrypt_key_broker_t *kb,
483
616
  }
484
617
 
485
618
  if (indexKey.len != MONGOCRYPT_KEY_LEN) {
486
- CLIENT_ERR("invalid indexKey, expected len=%" PRIu32 ", got len=%" PRIu32, MONGOCRYPT_KEY_LEN, indexKey.len);
619
+ CLIENT_ERR("invalid indexKey, expected len=%d, got len=%" PRIu32, MONGOCRYPT_KEY_LEN, indexKey.len);
487
620
  _mongocrypt_buffer_cleanup(&indexKey);
488
621
  return false;
489
622
  }
@@ -514,7 +647,6 @@ static bool _mongocrypt_fle2_placeholder_common(_mongocrypt_key_broker_t *kb,
514
647
  BSON_ASSERT_PARAM(value);
515
648
 
516
649
  _mongocrypt_crypto_t *crypto = kb->crypt->crypto;
517
- _mongocrypt_buffer_t indexKey = {0};
518
650
  *ret = (_FLE2EncryptedPayloadCommon_t){{0}};
519
651
 
520
652
  if (!_get_tokenKey(kb, indexKeyId, &ret->tokenKey, status)) {
@@ -553,191 +685,25 @@ static bool _mongocrypt_fle2_placeholder_common(_mongocrypt_key_broker_t *kb,
553
685
  goto fail;
554
686
  }
555
687
 
556
- if (kb->crypt->opts.use_fle2_v2) {
557
- /* FLE2v2 */
558
- ret->serverTokenDerivationLevel1Token = mc_ServerTokenDerivationLevel1Token_new(crypto, &ret->tokenKey, status);
559
- if (!ret->serverTokenDerivationLevel1Token) {
560
- CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
561
- goto fail;
562
- }
563
-
564
- if (!_fle2_derive_serverDerivedFromDataToken(crypto,
565
- &ret->serverDerivedFromDataToken,
566
- ret->serverTokenDerivationLevel1Token,
567
- value,
568
- status)) {
569
- goto fail;
570
- }
571
- } else {
572
- /* FLE2v1 */
573
- if (!_fle2_derive_ECC_token(crypto,
574
- &ret->eccDerivedToken,
575
- ret->collectionsLevel1Token,
576
- value,
577
- useContentionFactor,
578
- contentionFactor,
579
- status)) {
580
- goto fail;
581
- }
582
- }
583
-
584
- _mongocrypt_buffer_cleanup(&indexKey);
585
- return true;
586
-
587
- fail:
588
- _FLE2EncryptedPayloadCommon_cleanup(ret);
589
- _mongocrypt_buffer_cleanup(&indexKey);
590
- return false;
591
- }
592
-
593
- // Shared implementation for insert/update and insert/update ForRange (v1)
594
- static bool _mongocrypt_fle2_placeholder_to_insert_update_common_v1(_mongocrypt_key_broker_t *kb,
595
- mc_FLE2InsertUpdatePayload_t *out,
596
- int64_t *contentionFactor,
597
- _FLE2EncryptedPayloadCommon_t *common,
598
- const mc_FLE2EncryptionPlaceholder_t *placeholder,
599
- bson_iter_t *value_iter,
600
- mongocrypt_status_t *status) {
601
- BSON_ASSERT_PARAM(kb);
602
- BSON_ASSERT_PARAM(out);
603
- BSON_ASSERT_PARAM(common);
604
- BSON_ASSERT_PARAM(placeholder);
605
- BSON_ASSERT_PARAM(value_iter);
606
- BSON_ASSERT(kb->crypt);
607
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
608
- BSON_ASSERT(kb->crypt->opts.use_range_v2 == false);
609
- BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT);
610
-
611
- _mongocrypt_crypto_t *crypto = kb->crypt->crypto;
612
- _mongocrypt_buffer_t value = {0};
613
- bool res = false;
614
-
615
- *contentionFactor = 0;
616
- if (placeholder->maxContentionFactor > 0) {
617
- /* Choose a random contentionFactor in the inclusive range [0,
618
- * placeholder->maxContentionFactor] */
619
- if (!_mongocrypt_random_int64(crypto, placeholder->maxContentionFactor + 1, contentionFactor, status)) {
620
- goto fail;
621
- }
622
- }
623
-
624
- _mongocrypt_buffer_from_iter(&value, value_iter);
625
- if (!_mongocrypt_fle2_placeholder_common(kb,
626
- common,
627
- &placeholder->index_key_id,
628
- &value,
629
- true, /* derive tokens using contentionFactor */
630
- *contentionFactor,
631
- status)) {
632
- goto fail;
633
- }
634
-
635
- // d := EDCDerivedToken
636
- _mongocrypt_buffer_steal(&out->edcDerivedToken, &common->edcDerivedToken);
637
- // s := ESCDerivedToken
638
- _mongocrypt_buffer_steal(&out->escDerivedToken, &common->escDerivedToken);
639
- // c := ECCDerivedToken
640
- _mongocrypt_buffer_steal(&out->eccDerivedToken, &common->eccDerivedToken);
641
-
642
- // p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor ||
643
- // ECCDerivedFromDataTokenAndContentionFactor)
644
- if (!_fle2_derive_encrypted_token(crypto,
645
- &out->encryptedTokens,
646
- false, // Can't use range V2 with FLE V1
647
- common->collectionsLevel1Token,
648
- &out->escDerivedToken,
649
- &out->eccDerivedToken,
650
- (mc_optional_bool_t){0}, // Unset is_leaf as it's not used in V1
651
- status)) {
688
+ ret->serverTokenDerivationLevel1Token = mc_ServerTokenDerivationLevel1Token_new(crypto, &ret->tokenKey, status);
689
+ if (!ret->serverTokenDerivationLevel1Token) {
690
+ CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
652
691
  goto fail;
653
692
  }
654
693
 
655
- _mongocrypt_buffer_copy_to(&placeholder->index_key_id,
656
- &out->indexKeyId); // u
657
- out->valueType = bson_iter_type(value_iter); // t
658
-
659
- // v := UserKeyId + EncryptCTRAEAD(UserKey, value)
660
- {
661
- _mongocrypt_buffer_t ciphertext = {0};
662
- if (!_fle2_placeholder_aes_aead_encrypt(kb,
663
- _mcFLE2AEADAlgorithm(),
664
- &ciphertext,
665
- &placeholder->user_key_id,
666
- &value,
667
- status)) {
668
- goto fail;
669
- }
670
- const _mongocrypt_buffer_t v[2] = {placeholder->user_key_id, ciphertext};
671
- const bool ok = _mongocrypt_buffer_concat(&out->value, v, 2);
672
- _mongocrypt_buffer_cleanup(&ciphertext);
673
- if (!ok) {
674
- goto fail;
675
- }
676
- }
677
-
678
- // e := ServerDataEncryptionLevel1Token
679
- _mongocrypt_buffer_copy_to(mc_ServerDataEncryptionLevel1Token_get(common->serverDataEncryptionLevel1Token),
680
- &out->serverEncryptionToken);
681
-
682
- res = true;
683
- fail:
684
- _mongocrypt_buffer_cleanup(&value);
685
- return res;
686
- }
687
-
688
- /**
689
- * Payload subtype 4: FLE2InsertUpdatePayload
690
- *
691
- * {d: EDC, s: ESC, c: ECC,
692
- * p: encToken, u: indexKeyId, t: type,
693
- * v: value, e: serverToken}
694
- */
695
- static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertext_v1(_mongocrypt_key_broker_t *kb,
696
- _mongocrypt_marking_t *marking,
697
- _mongocrypt_ciphertext_t *ciphertext,
698
- mongocrypt_status_t *status) {
699
- BSON_ASSERT_PARAM(kb);
700
- BSON_ASSERT_PARAM(marking);
701
- BSON_ASSERT_PARAM(ciphertext);
702
- BSON_ASSERT_PARAM(status);
703
- BSON_ASSERT(kb->crypt);
704
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
705
- BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
706
- BSON_ASSERT(marking->fle2.algorithm == MONGOCRYPT_FLE2_ALGORITHM_EQUALITY);
707
-
708
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
709
- _FLE2EncryptedPayloadCommon_t common = {{0}};
710
- mc_FLE2InsertUpdatePayload_t payload;
711
- mc_FLE2InsertUpdatePayload_init(&payload);
712
- bool res = false;
713
-
714
- int64_t contentionFactor = 0; /* ignored */
715
- if (!_mongocrypt_fle2_placeholder_to_insert_update_common_v1(kb,
716
- &payload,
717
- &contentionFactor,
718
- &common,
719
- placeholder,
720
- &placeholder->v_iter,
721
- status)) {
694
+ if (!_fle2_derive_serverDerivedFromDataToken(crypto,
695
+ &ret->serverDerivedFromDataToken,
696
+ ret->serverTokenDerivationLevel1Token,
697
+ value,
698
+ status)) {
722
699
  goto fail;
723
700
  }
724
701
 
725
- {
726
- bson_t out;
727
- bson_init(&out);
728
- mc_FLE2InsertUpdatePayload_serialize(&payload, &out);
729
- _mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
730
- }
731
- // Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
732
- // not used for FLE2InsertUpdatePayload.
733
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayload;
702
+ return true;
734
703
 
735
- res = true;
736
704
  fail:
737
- mc_FLE2InsertUpdatePayload_cleanup(&payload);
738
- _FLE2EncryptedPayloadCommon_cleanup(&common);
739
-
740
- return res;
705
+ _FLE2EncryptedPayloadCommon_cleanup(ret);
706
+ return false;
741
707
  }
742
708
 
743
709
  // Shared implementation for insert/update and insert/update ForRange (v2)
@@ -753,7 +719,6 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_common(_mongocrypt_key
753
719
  BSON_ASSERT_PARAM(placeholder);
754
720
  BSON_ASSERT_PARAM(value_iter);
755
721
  BSON_ASSERT(kb->crypt);
756
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == true);
757
722
  BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT);
758
723
 
759
724
  _mongocrypt_crypto_t *crypto = kb->crypt->crypto;
@@ -791,7 +756,7 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_common(_mongocrypt_key
791
756
  if (!_fle2_derive_encrypted_token(
792
757
  crypto,
793
758
  &out->encryptedTokens,
794
- kb->crypt->opts.use_range_v2,
759
+ true,
795
760
  common->collectionsLevel1Token,
796
761
  &out->escDerivedToken,
797
762
  NULL, // unused in v2
@@ -839,8 +804,6 @@ fail:
839
804
 
840
805
  /**
841
806
  * Payload subtype 11: FLE2InsertUpdatePayloadV2
842
- * Delegates to ..._insert_update_ciphertext_v1 for subtype 4
843
- * when crypt.opts.use_fle2_v2 == false
844
807
  *
845
808
  * {d: EDC, s: ESC, p: encToken,
846
809
  * u: indexKeyId, t: valueType, v: value,
@@ -857,11 +820,7 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertext(_mongocrypt
857
820
  BSON_ASSERT(kb->crypt);
858
821
  BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
859
822
 
860
- if (!kb->crypt->opts.use_fle2_v2) {
861
- return _mongocrypt_fle2_placeholder_to_insert_update_ciphertext_v1(kb, marking, ciphertext, status);
862
- }
863
-
864
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
823
+ mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->u.fle2;
865
824
  _FLE2EncryptedPayloadCommon_t common = {{0}};
866
825
  mc_FLE2InsertUpdatePayloadV2_t payload;
867
826
  mc_FLE2InsertUpdatePayloadV2_init(&payload);
@@ -897,8 +856,7 @@ fail:
897
856
 
898
857
  // get_edges creates and returns edges from an FLE2RangeInsertSpec. Returns NULL
899
858
  // on error.
900
- static mc_edges_t *
901
- get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_status_t *status, bool use_range_v2) {
859
+ static mc_edges_t *get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_status_t *status) {
902
860
  BSON_ASSERT_PARAM(insertSpec);
903
861
 
904
862
  bson_type_t value_type = bson_iter_type(&insertSpec->v);
@@ -909,8 +867,7 @@ get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_stat
909
867
  .max = OPT_I32(bson_iter_int32(&insertSpec->max)),
910
868
  .sparsity = sparsity,
911
869
  .trimFactor = insertSpec->trimFactor},
912
- status,
913
- use_range_v2);
870
+ status);
914
871
  }
915
872
 
916
873
  else if (value_type == BSON_TYPE_INT64) {
@@ -919,8 +876,7 @@ get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_stat
919
876
  .max = OPT_I64(bson_iter_int64(&insertSpec->max)),
920
877
  .sparsity = sparsity,
921
878
  .trimFactor = insertSpec->trimFactor},
922
- status,
923
- use_range_v2);
879
+ status);
924
880
  }
925
881
 
926
882
  else if (value_type == BSON_TYPE_DATE_TIME) {
@@ -929,8 +885,7 @@ get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_stat
929
885
  .max = OPT_I64(bson_iter_date_time(&insertSpec->max)),
930
886
  .sparsity = sparsity,
931
887
  .trimFactor = insertSpec->trimFactor},
932
- status,
933
- use_range_v2);
888
+ status);
934
889
  }
935
890
 
936
891
  else if (value_type == BSON_TYPE_DOUBLE) {
@@ -946,11 +901,11 @@ get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_stat
946
901
  args.precision = insertSpec->precision;
947
902
  }
948
903
 
949
- return mc_getEdgesDouble(args, status, use_range_v2);
904
+ return mc_getEdgesDouble(args, status);
950
905
  }
951
906
 
952
907
  else if (value_type == BSON_TYPE_DECIMAL128) {
953
- #if MONGOCRYPT_HAVE_DECIMAL128_SUPPORT
908
+ #if MONGOCRYPT_HAVE_DECIMAL128_SUPPORT()
954
909
  const mc_dec128 value = mc_dec128_from_bson_iter(&insertSpec->v);
955
910
  mc_getEdgesDecimal128_args_t args = {
956
911
  .value = value,
@@ -964,7 +919,7 @@ get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_stat
964
919
  args.max = OPT_MC_DEC128(max);
965
920
  args.precision = insertSpec->precision;
966
921
  }
967
- return mc_getEdgesDecimal128(args, status, use_range_v2);
922
+ return mc_getEdgesDecimal128(args, status);
968
923
  #else // ↑↑↑↑↑↑↑↑ With Decimal128 / Without ↓↓↓↓↓↓↓↓↓↓
969
924
  CLIENT_ERR("unsupported BSON type (Decimal128) for range: libmongocrypt "
970
925
  "was built without extended Decimal128 support");
@@ -977,58 +932,53 @@ get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_stat
977
932
  }
978
933
 
979
934
  /**
980
- * Payload subtype 4: FLE2InsertUpdatePayload for range updates
935
+ * Payload subtype 11: FLE2InsertUpdatePayloadV2 for range updates
981
936
  *
982
- * {d: EDC, s: ESC, c: ECC,
983
- * p: encToken, u: indexKeyId, t: type,
984
- * v: value, e: serverToken,
985
- * g: [{d: EDC, s: ESC, c: ECC, p: encToken},
986
- * {d: EDC, s: ESC, c: ECC, p: encToken},
937
+ * {d: EDC, s: ESC, p: encToken,
938
+ * u: indexKeyId, t: valueType, v: value,
939
+ * e: serverToken, l: serverDerivedFromDataToken,
940
+ * k: contentionFactor,
941
+ * g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
942
+ * {d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
987
943
  * ...]}
988
944
  */
989
- static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(_mongocrypt_key_broker_t *kb,
990
- _mongocrypt_marking_t *marking,
991
- _mongocrypt_ciphertext_t *ciphertext,
992
- mongocrypt_status_t *status) {
945
+ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange(_mongocrypt_key_broker_t *kb,
946
+ _mongocrypt_marking_t *marking,
947
+ _mongocrypt_ciphertext_t *ciphertext,
948
+ mongocrypt_status_t *status) {
993
949
  BSON_ASSERT_PARAM(kb);
994
950
  BSON_ASSERT_PARAM(marking);
995
951
  BSON_ASSERT_PARAM(ciphertext);
996
- BSON_ASSERT_PARAM(status);
997
952
  BSON_ASSERT(kb->crypt);
998
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
999
- BSON_ASSERT(kb->crypt->opts.use_range_v2 == false);
1000
953
  BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1001
- BSON_ASSERT(marking->fle2.algorithm == MONGOCRYPT_FLE2_ALGORITHM_RANGE);
1002
954
 
1003
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
955
+ mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->u.fle2;
1004
956
  _FLE2EncryptedPayloadCommon_t common = {{0}};
1005
- mc_FLE2InsertUpdatePayload_t payload;
1006
- mc_FLE2InsertUpdatePayload_init(&payload);
957
+ mc_FLE2InsertUpdatePayloadV2_t payload;
958
+ mc_FLE2InsertUpdatePayloadV2_init(&payload);
1007
959
  bool res = false;
1008
960
  mc_edges_t *edges = NULL;
1009
961
 
1010
962
  // Parse the value ("v"), min ("min"), and max ("max") from
1011
963
  // FLE2EncryptionPlaceholder for range insert.
1012
964
  mc_FLE2RangeInsertSpec_t insertSpec;
1013
- if (!mc_FLE2RangeInsertSpec_parse(&insertSpec, &placeholder->v_iter, kb->crypt->opts.use_range_v2, status)) {
965
+ if (!mc_FLE2RangeInsertSpec_parse(&insertSpec, &placeholder->v_iter, status)) {
1014
966
  goto fail;
1015
967
  }
1016
968
 
1017
- int64_t contentionFactor = 0;
1018
- if (!_mongocrypt_fle2_placeholder_to_insert_update_common_v1(kb,
1019
- &payload,
1020
- &contentionFactor,
1021
- &common,
1022
- &marking->fle2,
1023
- &insertSpec.v,
1024
- status)) {
969
+ if (!_mongocrypt_fle2_placeholder_to_insert_update_common(kb,
970
+ &payload,
971
+ &common,
972
+ &marking->u.fle2,
973
+ &insertSpec.v,
974
+ status)) {
1025
975
  goto fail;
1026
976
  }
1027
977
 
1028
- // g:= array<EdgeTokenSet>
978
+ // g:= array<EdgeTokenSetV2>
1029
979
  {
1030
980
  BSON_ASSERT(placeholder->sparsity >= 0 && (uint64_t)placeholder->sparsity <= (uint64_t)SIZE_MAX);
1031
- edges = get_edges(&insertSpec, (size_t)placeholder->sparsity, status, kb->crypt->opts.use_range_v2);
981
+ edges = get_edges(&insertSpec, (size_t)placeholder->sparsity, status);
1032
982
  if (!edges) {
1033
983
  goto fail;
1034
984
  }
@@ -1037,10 +987,11 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(
1037
987
  // Create an EdgeTokenSet from each edge.
1038
988
  bool loop_ok = false;
1039
989
  const char *edge = mc_edges_get(edges, i);
990
+ bool is_leaf = mc_edges_is_leaf(edges, edge);
1040
991
  _mongocrypt_buffer_t edge_buf = {0};
1041
992
  _FLE2EncryptedPayloadCommon_t edge_tokens = {{0}};
1042
993
  _mongocrypt_buffer_t encryptedTokens = {0};
1043
- mc_EdgeTokenSet_t etc = {{0}};
994
+ mc_EdgeTokenSetV2_t etc = {{0}};
1044
995
 
1045
996
  if (!_mongocrypt_buffer_from_string(&edge_buf, edge)) {
1046
997
  CLIENT_ERR("failed to copy edge to buffer");
@@ -1052,27 +1003,29 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(
1052
1003
  &placeholder->index_key_id,
1053
1004
  &edge_buf,
1054
1005
  true, /* derive tokens using contentionFactor */
1055
- contentionFactor,
1006
+ payload.contentionFactor,
1056
1007
  status)) {
1057
1008
  goto fail_loop;
1058
1009
  }
1010
+ BSON_ASSERT(edge_tokens.eccDerivedToken.data == NULL);
1059
1011
 
1060
1012
  // d := EDCDerivedToken
1061
1013
  _mongocrypt_buffer_steal(&etc.edcDerivedToken, &edge_tokens.edcDerivedToken);
1062
1014
  // s := ESCDerivedToken
1063
1015
  _mongocrypt_buffer_steal(&etc.escDerivedToken, &edge_tokens.escDerivedToken);
1064
- // c := ECCDerivedToken
1065
- _mongocrypt_buffer_steal(&etc.eccDerivedToken, &edge_tokens.eccDerivedToken);
1066
1016
 
1067
- // p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor ||
1068
- // ECCDerivedFromDataTokenAndContentionFactor)
1017
+ // l := serverDerivedFromDataToken
1018
+ _mongocrypt_buffer_steal(&etc.serverDerivedFromDataToken, &edge_tokens.serverDerivedFromDataToken);
1019
+
1020
+ // p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor)
1021
+ // Or in Range V2: p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor || isLeaf)
1069
1022
  if (!_fle2_derive_encrypted_token(kb->crypt->crypto,
1070
1023
  &etc.encryptedTokens,
1071
- false, // Range V2 is incompatible with FLE V1
1024
+ true,
1072
1025
  edge_tokens.collectionsLevel1Token,
1073
1026
  &etc.escDerivedToken,
1074
- &etc.eccDerivedToken,
1075
- (mc_optional_bool_t){0}, // Dummy value for isLeaf, unused in FLE V1
1027
+ NULL, // ecc unsed in FLE2v2
1028
+ OPT_BOOL(is_leaf),
1076
1029
  status)) {
1077
1030
  goto fail_loop;
1078
1031
  }
@@ -1090,242 +1043,572 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(
1090
1043
  }
1091
1044
  }
1092
1045
 
1046
+ // Include "range" payload fields introduced in SERVER-91889.
1047
+ payload.sparsity = OPT_I64(placeholder->sparsity);
1048
+ payload.precision = insertSpec.precision;
1049
+ payload.trimFactor = OPT_I32(mc_edges_get_used_trimFactor(edges));
1050
+ bson_value_copy(bson_iter_value(&insertSpec.min), &payload.indexMin);
1051
+ bson_value_copy(bson_iter_value(&insertSpec.max), &payload.indexMax);
1052
+
1093
1053
  {
1094
1054
  bson_t out;
1095
1055
  bson_init(&out);
1096
- mc_FLE2InsertUpdatePayload_serializeForRange(&payload, &out);
1056
+ mc_FLE2InsertUpdatePayloadV2_serializeForRange(&payload, &out);
1097
1057
  _mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
1098
1058
  }
1099
1059
  // Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
1100
- // not used for FLE2InsertUpdatePayload.
1101
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayload;
1060
+ // not used for FLE2InsertUpdatePayloadV2.
1061
+ ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayloadV2;
1102
1062
 
1103
1063
  res = true;
1104
1064
  fail:
1105
1065
  mc_edges_destroy(edges);
1106
- mc_FLE2InsertUpdatePayload_cleanup(&payload);
1066
+ mc_FLE2InsertUpdatePayloadV2_cleanup(&payload);
1107
1067
  _FLE2EncryptedPayloadCommon_cleanup(&common);
1108
1068
 
1109
1069
  return res;
1110
1070
  }
1111
1071
 
1112
1072
  /**
1113
- * Payload subtype 11: FLE2InsertUpdatePayloadV2 for range updates
1114
- * Delegates to ..._insert_update_ciphertextForRange_v1 for subtype 4
1115
- * when crypt.opts.use_fle2_v2 == false
1073
+ * Sets up a mc_Text<T>TokenSet_t type by generating its member tokens:
1074
+ * - edcDerivedToken = HMAC(HMAC(HMAC(EDCToken, t), v), cf)
1075
+ * - escDerivedToken = HMAC(HMAC(HMAC(ESCToken, t), v), cf)
1076
+ * - serverDerivedFromDataToken = HMAC(HMAC(ServerLevel1Token, t), v)
1077
+ * and the encrypted token:
1078
+ * - encryptedTokens = EncryptCTR(ECOCToken, escDerivedToken)
1116
1079
  *
1117
- * {d: EDC, s: ESC, p: encToken,
1118
- * u: indexKeyId, t: valueType, v: value,
1119
- * e: serverToken, l: serverDerivedFromDataToken,
1120
- * k: contentionFactor,
1121
- * g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
1122
- * {d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
1123
- * ...]}
1080
+ * <T> = Exact|Substring|Suffix|Prefix
1081
+ * t = 1 for Exact, 2 for Substring, 3 for Suffix, 4 for Prefix
1082
+ * cf = contentionFactor
1083
+ * EDC/ESC/ECOCToken are derived from {collLevel1Token}
1124
1084
  */
1125
- static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange(_mongocrypt_key_broker_t *kb,
1126
- _mongocrypt_marking_t *marking,
1127
- _mongocrypt_ciphertext_t *ciphertext,
1128
- mongocrypt_status_t *status) {
1085
+ #define GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Type) \
1086
+ static bool _fle2_generate_Text##Type##TokenSet(_mongocrypt_key_broker_t *kb, \
1087
+ mc_Text##Type##TokenSet_t *out, \
1088
+ const _mongocrypt_buffer_t *value, \
1089
+ int64_t contentionFactor, \
1090
+ const mc_CollectionsLevel1Token_t *collLevel1Token, \
1091
+ const mc_ServerTokenDerivationLevel1Token_t *serverLevel1Token, \
1092
+ mongocrypt_status_t *status) { \
1093
+ BSON_ASSERT_PARAM(kb); \
1094
+ BSON_ASSERT_PARAM(kb->crypt); \
1095
+ BSON_ASSERT_PARAM(out); \
1096
+ BSON_ASSERT_PARAM(value); \
1097
+ BSON_ASSERT_PARAM(collLevel1Token); \
1098
+ BSON_ASSERT_PARAM(serverLevel1Token); \
1099
+ \
1100
+ if (!_fle2_derive_EDCText##Type##_token(kb->crypt->crypto, \
1101
+ &out->edcDerivedToken, \
1102
+ collLevel1Token, \
1103
+ value, \
1104
+ true, \
1105
+ contentionFactor, \
1106
+ status)) { \
1107
+ return false; \
1108
+ } \
1109
+ if (!_fle2_derive_ESCText##Type##_token(kb->crypt->crypto, \
1110
+ &out->escDerivedToken, \
1111
+ collLevel1Token, \
1112
+ value, \
1113
+ true, \
1114
+ contentionFactor, \
1115
+ status)) { \
1116
+ return false; \
1117
+ } \
1118
+ if (!_fle2_derive_serverText##Type##DerivedFromDataToken(kb->crypt->crypto, \
1119
+ &out->serverDerivedFromDataToken, \
1120
+ serverLevel1Token, \
1121
+ value, \
1122
+ status)) { \
1123
+ return false; \
1124
+ } \
1125
+ if (!_fle2_derive_encrypted_token(kb->crypt->crypto, \
1126
+ &out->encryptedTokens, \
1127
+ false, \
1128
+ collLevel1Token, \
1129
+ &out->escDerivedToken, \
1130
+ NULL, \
1131
+ (mc_optional_bool_t){0}, \
1132
+ status)) { \
1133
+ return false; \
1134
+ } \
1135
+ return true; \
1136
+ } \
1137
+ static bool _fle2_generate_Text##Type##FindTokenSet( \
1138
+ _mongocrypt_key_broker_t *kb, \
1139
+ mc_Text##Type##FindTokenSet_t *out, \
1140
+ const _mongocrypt_buffer_t *value, \
1141
+ const mc_CollectionsLevel1Token_t *collLevel1Token, \
1142
+ const mc_ServerTokenDerivationLevel1Token_t *serverLevel1Token, \
1143
+ mongocrypt_status_t *status) { \
1144
+ BSON_ASSERT_PARAM(kb); \
1145
+ BSON_ASSERT_PARAM(kb->crypt); \
1146
+ BSON_ASSERT_PARAM(out); \
1147
+ BSON_ASSERT_PARAM(value); \
1148
+ BSON_ASSERT_PARAM(collLevel1Token); \
1149
+ BSON_ASSERT_PARAM(serverLevel1Token); \
1150
+ if (!_fle2_derive_EDCText##Type##_token(kb->crypt->crypto, \
1151
+ &out->edcDerivedToken, \
1152
+ collLevel1Token, \
1153
+ value, \
1154
+ false, \
1155
+ 0, \
1156
+ status)) { \
1157
+ return false; \
1158
+ } \
1159
+ if (!_fle2_derive_ESCText##Type##_token(kb->crypt->crypto, \
1160
+ &out->escDerivedToken, \
1161
+ collLevel1Token, \
1162
+ value, \
1163
+ false, \
1164
+ 0, \
1165
+ status)) { \
1166
+ return false; \
1167
+ } \
1168
+ if (!_fle2_derive_serverText##Type##DerivedFromDataToken(kb->crypt->crypto, \
1169
+ &out->serverDerivedFromDataToken, \
1170
+ serverLevel1Token, \
1171
+ value, \
1172
+ status)) { \
1173
+ return false; \
1174
+ } \
1175
+ return true; \
1176
+ }
1177
+ GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Exact)
1178
+ GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Substring)
1179
+ GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Suffix)
1180
+ GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Prefix)
1181
+ #undef GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL
1182
+
1183
+ static bool _fle2_generate_TextSearchTokenSets(_mongocrypt_key_broker_t *kb,
1184
+ mc_FLE2InsertUpdatePayloadV2_t *payload,
1185
+ const _mongocrypt_buffer_t *indexKeyId,
1186
+ const mc_FLE2TextSearchInsertSpec_t *spec,
1187
+ int64_t contentionFactor,
1188
+ mongocrypt_status_t *status) {
1129
1189
  BSON_ASSERT_PARAM(kb);
1130
- BSON_ASSERT_PARAM(marking);
1131
- BSON_ASSERT_PARAM(ciphertext);
1132
- BSON_ASSERT(kb->crypt);
1133
- BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1134
- const bool use_range_v2 = kb->crypt->opts.use_range_v2;
1135
-
1136
- if (!kb->crypt->opts.use_fle2_v2) {
1137
- return _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(kb, marking, ciphertext, status);
1138
- }
1190
+ BSON_ASSERT_PARAM(payload);
1191
+ BSON_ASSERT_PARAM(indexKeyId);
1192
+ BSON_ASSERT_PARAM(spec);
1139
1193
 
1140
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1194
+ _mongocrypt_crypto_t *crypto = kb->crypt->crypto;
1195
+ mc_TextSearchTokenSets_t *tsts = &payload->textSearchTokenSets.tsts;
1141
1196
  _FLE2EncryptedPayloadCommon_t common = {{0}};
1142
- mc_FLE2InsertUpdatePayloadV2_t payload;
1143
- mc_FLE2InsertUpdatePayloadV2_init(&payload);
1144
1197
  bool res = false;
1145
- mc_edges_t *edges = NULL;
1146
1198
 
1147
- // Parse the value ("v"), min ("min"), and max ("max") from
1148
- // FLE2EncryptionPlaceholder for range insert.
1149
- mc_FLE2RangeInsertSpec_t insertSpec;
1150
- if (!mc_FLE2RangeInsertSpec_parse(&insertSpec, &placeholder->v_iter, use_range_v2, status)) {
1199
+ mc_str_encode_sets_t *encodeSets = mc_text_search_str_encode(spec, status);
1200
+ if (!encodeSets) {
1151
1201
  goto fail;
1152
1202
  }
1153
1203
 
1154
- if (!_mongocrypt_fle2_placeholder_to_insert_update_common(kb,
1155
- &payload,
1156
- &common,
1157
- &marking->fle2,
1158
- &insertSpec.v,
1159
- status)) {
1204
+ // Start the token derivations
1205
+ if (!_get_tokenKey(kb, indexKeyId, &common.tokenKey, status)) {
1160
1206
  goto fail;
1161
1207
  }
1162
1208
 
1163
- // g:= array<EdgeTokenSetV2>
1209
+ common.collectionsLevel1Token = mc_CollectionsLevel1Token_new(crypto, &common.tokenKey, status);
1210
+ if (!common.collectionsLevel1Token) {
1211
+ CLIENT_ERR("unable to derive collectionLevel1Token");
1212
+ goto fail;
1213
+ }
1214
+
1215
+ common.serverTokenDerivationLevel1Token = mc_ServerTokenDerivationLevel1Token_new(crypto, &common.tokenKey, status);
1216
+ if (!common.serverTokenDerivationLevel1Token) {
1217
+ CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
1218
+ goto fail;
1219
+ }
1220
+
1221
+ // Generate exact token set singleton
1164
1222
  {
1165
- BSON_ASSERT(placeholder->sparsity >= 0 && (uint64_t)placeholder->sparsity <= (uint64_t)SIZE_MAX);
1166
- edges = get_edges(&insertSpec, (size_t)placeholder->sparsity, status, kb->crypt->opts.use_range_v2);
1167
- if (!edges) {
1223
+ _mongocrypt_buffer_t asBsonValue;
1224
+ _mongocrypt_buffer_init(&asBsonValue);
1225
+ BSON_ASSERT(encodeSets->exact.len < INT_MAX);
1226
+ _mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue,
1227
+ (const char *)encodeSets->exact.data,
1228
+ (int)encodeSets->exact.len);
1229
+ if (!_fle2_generate_TextExactTokenSet(kb,
1230
+ &tsts->exact,
1231
+ &asBsonValue,
1232
+ contentionFactor,
1233
+ common.collectionsLevel1Token,
1234
+ common.serverTokenDerivationLevel1Token,
1235
+ status)) {
1236
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1168
1237
  goto fail;
1169
1238
  }
1239
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1240
+ }
1170
1241
 
1171
- for (size_t i = 0; i < mc_edges_len(edges); ++i) {
1172
- // Create an EdgeTokenSet from each edge.
1173
- bool loop_ok = false;
1174
- const char *edge = mc_edges_get(edges, i);
1175
- bool is_leaf = mc_edges_is_leaf(edges, edge);
1176
- _mongocrypt_buffer_t edge_buf = {0};
1177
- _FLE2EncryptedPayloadCommon_t edge_tokens = {{0}};
1178
- _mongocrypt_buffer_t encryptedTokens = {0};
1179
- mc_EdgeTokenSetV2_t etc = {{0}};
1242
+ const char *substring;
1243
+ uint32_t bytelen;
1244
+ uint32_t appendCount;
1180
1245
 
1181
- if (!_mongocrypt_buffer_from_string(&edge_buf, edge)) {
1182
- CLIENT_ERR("failed to copy edge to buffer");
1183
- goto fail_loop;
1246
+ // Generate array of substring token sets
1247
+ if (encodeSets->substring_set) {
1248
+ mc_substring_set_iter_t set_itr;
1249
+ mc_substring_set_iter_init(&set_itr, encodeSets->substring_set);
1250
+
1251
+ while (mc_substring_set_iter_next(&set_itr, &substring, &bytelen, &appendCount)) {
1252
+ BSON_ASSERT(appendCount > 0);
1253
+ BSON_ASSERT(bytelen < INT_MAX);
1254
+
1255
+ mc_TextSubstringTokenSet_t tset = {{0}};
1256
+
1257
+ _mongocrypt_buffer_t asBsonValue;
1258
+ _mongocrypt_buffer_init(&asBsonValue);
1259
+ _mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue, substring, (int)bytelen);
1260
+
1261
+ if (!_fle2_generate_TextSubstringTokenSet(kb,
1262
+ &tset,
1263
+ &asBsonValue,
1264
+ contentionFactor,
1265
+ common.collectionsLevel1Token,
1266
+ common.serverTokenDerivationLevel1Token,
1267
+ status)) {
1268
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1269
+ mc_TextSubstringTokenSet_cleanup(&tset);
1270
+ goto fail;
1184
1271
  }
1272
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1185
1273
 
1186
- if (!_mongocrypt_fle2_placeholder_common(kb,
1187
- &edge_tokens,
1188
- &placeholder->index_key_id,
1189
- &edge_buf,
1190
- true, /* derive tokens using contentionFactor */
1191
- payload.contentionFactor,
1192
- status)) {
1193
- goto fail_loop;
1274
+ if (appendCount > 1) {
1275
+ mc_TextSubstringTokenSet_t tset_copy;
1276
+ mc_TextSubstringTokenSet_shallow_copy(&tset, &tset_copy);
1277
+ for (; appendCount > 1; appendCount--) {
1278
+ _mc_array_append_val(&tsts->substringArray, tset_copy);
1279
+ }
1194
1280
  }
1195
- BSON_ASSERT(edge_tokens.eccDerivedToken.data == NULL);
1281
+ _mc_array_append_val(&tsts->substringArray, tset); // array now owns tset
1282
+ }
1283
+ }
1196
1284
 
1197
- // d := EDCDerivedToken
1198
- _mongocrypt_buffer_steal(&etc.edcDerivedToken, &edge_tokens.edcDerivedToken);
1199
- // s := ESCDerivedToken
1200
- _mongocrypt_buffer_steal(&etc.escDerivedToken, &edge_tokens.escDerivedToken);
1285
+ // Generate array of suffix token sets
1286
+ if (encodeSets->suffix_set) {
1287
+ mc_affix_set_iter_t set_itr;
1288
+ mc_affix_set_iter_init(&set_itr, encodeSets->suffix_set);
1201
1289
 
1202
- // l := serverDerivedFromDataToken
1203
- _mongocrypt_buffer_steal(&etc.serverDerivedFromDataToken, &edge_tokens.serverDerivedFromDataToken);
1290
+ while (mc_affix_set_iter_next(&set_itr, &substring, &bytelen, &appendCount)) {
1291
+ BSON_ASSERT(appendCount > 0);
1292
+ BSON_ASSERT(bytelen < INT_MAX);
1204
1293
 
1205
- // p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor)
1206
- // Or in Range V2: p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor || isLeaf)
1207
- if (!_fle2_derive_encrypted_token(kb->crypt->crypto,
1208
- &etc.encryptedTokens,
1209
- kb->crypt->opts.use_range_v2,
1210
- edge_tokens.collectionsLevel1Token,
1211
- &etc.escDerivedToken,
1212
- NULL, // ecc unsed in FLE2v2
1213
- OPT_BOOL(is_leaf),
1214
- status)) {
1215
- goto fail_loop;
1294
+ mc_TextSuffixTokenSet_t tset = {{0}};
1295
+ mc_TextSuffixTokenSet_init(&tset);
1296
+
1297
+ _mongocrypt_buffer_t asBsonValue;
1298
+ _mongocrypt_buffer_init(&asBsonValue);
1299
+ _mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue, substring, (int)bytelen);
1300
+
1301
+ if (!_fle2_generate_TextSuffixTokenSet(kb,
1302
+ &tset,
1303
+ &asBsonValue,
1304
+ contentionFactor,
1305
+ common.collectionsLevel1Token,
1306
+ common.serverTokenDerivationLevel1Token,
1307
+ status)) {
1308
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1309
+ mc_TextSuffixTokenSet_cleanup(&tset);
1310
+ goto fail;
1216
1311
  }
1312
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1217
1313
 
1218
- _mc_array_append_val(&payload.edgeTokenSetArray, etc);
1314
+ if (appendCount > 1) {
1315
+ mc_TextSuffixTokenSet_t tset_copy;
1316
+ mc_TextSuffixTokenSet_shallow_copy(&tset, &tset_copy);
1317
+ for (; appendCount > 1; appendCount--) {
1318
+ _mc_array_append_val(&tsts->suffixArray, tset_copy);
1319
+ }
1320
+ }
1321
+ _mc_array_append_val(&tsts->suffixArray, tset); // array now owns tset
1322
+ }
1323
+ }
1219
1324
 
1220
- loop_ok = true;
1221
- fail_loop:
1222
- _mongocrypt_buffer_cleanup(&encryptedTokens);
1223
- _FLE2EncryptedPayloadCommon_cleanup(&edge_tokens);
1224
- _mongocrypt_buffer_cleanup(&edge_buf);
1225
- if (!loop_ok) {
1325
+ // Generate array of prefix token sets
1326
+ if (encodeSets->prefix_set) {
1327
+ mc_affix_set_iter_t set_itr;
1328
+ mc_affix_set_iter_init(&set_itr, encodeSets->prefix_set);
1329
+
1330
+ while (mc_affix_set_iter_next(&set_itr, &substring, &bytelen, &appendCount)) {
1331
+ BSON_ASSERT(appendCount > 0);
1332
+ BSON_ASSERT(bytelen < INT_MAX);
1333
+
1334
+ mc_TextPrefixTokenSet_t tset = {{0}};
1335
+ mc_TextPrefixTokenSet_init(&tset);
1336
+
1337
+ _mongocrypt_buffer_t asBsonValue;
1338
+ _mongocrypt_buffer_init(&asBsonValue);
1339
+ _mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue, substring, (int)bytelen);
1340
+
1341
+ if (!_fle2_generate_TextPrefixTokenSet(kb,
1342
+ &tset,
1343
+ &asBsonValue,
1344
+ contentionFactor,
1345
+ common.collectionsLevel1Token,
1346
+ common.serverTokenDerivationLevel1Token,
1347
+ status)) {
1348
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1349
+ mc_TextPrefixTokenSet_cleanup(&tset);
1226
1350
  goto fail;
1227
1351
  }
1352
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1353
+
1354
+ if (appendCount > 1) {
1355
+ mc_TextPrefixTokenSet_t tset_copy;
1356
+ mc_TextPrefixTokenSet_shallow_copy(&tset, &tset_copy);
1357
+ for (; appendCount > 1; appendCount--) {
1358
+ _mc_array_append_val(&tsts->prefixArray, tset_copy); // array now owns tset_copy
1359
+ }
1360
+ }
1361
+ _mc_array_append_val(&tsts->prefixArray, tset); // moves ownership of tset
1228
1362
  }
1229
1363
  }
1364
+ payload->textSearchTokenSets.set = true;
1365
+ res = true;
1366
+ fail:
1367
+ _FLE2EncryptedPayloadCommon_cleanup(&common);
1368
+ mc_str_encode_sets_destroy(encodeSets);
1369
+ return res;
1370
+ }
1230
1371
 
1231
- // Include "range" payload fields introduced in SERVER-91889.
1232
- payload.sparsity = OPT_I64(placeholder->sparsity);
1233
- payload.precision = insertSpec.precision;
1234
- payload.trimFactor = OPT_I32(mc_edges_get_used_trimFactor(edges));
1235
- bson_value_copy(bson_iter_value(&insertSpec.min), &payload.indexMin);
1236
- bson_value_copy(bson_iter_value(&insertSpec.max), &payload.indexMax);
1372
+ static bool _fle2_generate_TextSearchFindTokenSets(_mongocrypt_key_broker_t *kb,
1373
+ mc_TextSearchFindTokenSets_t *out,
1374
+ const _mongocrypt_buffer_t *indexKeyId,
1375
+ const mc_FLE2TextSearchInsertSpec_t *spec,
1376
+ mongocrypt_status_t *status) {
1377
+ BSON_ASSERT_PARAM(kb);
1378
+ BSON_ASSERT_PARAM(kb->crypt);
1379
+ BSON_ASSERT_PARAM(out);
1380
+ BSON_ASSERT_PARAM(indexKeyId);
1381
+ BSON_ASSERT_PARAM(spec);
1237
1382
 
1238
- {
1239
- bson_t out;
1240
- bson_init(&out);
1241
- mc_FLE2InsertUpdatePayloadV2_serializeForRange(&payload, &out, use_range_v2);
1242
- _mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
1383
+ _mongocrypt_crypto_t *crypto = kb->crypt->crypto;
1384
+ _FLE2EncryptedPayloadCommon_t common = {{0}};
1385
+ _mongocrypt_buffer_t asBsonValue = {0};
1386
+ bool res = false;
1387
+
1388
+ int operator_count = (int)spec->substr.set + (int)spec->suffix.set + (int)spec->prefix.set;
1389
+ if (operator_count > 1) {
1390
+ CLIENT_ERR("Text search query specification cannot contain multiple query type specifications");
1391
+ goto fail;
1392
+ }
1393
+
1394
+ if (!mc_text_search_str_query(spec, &asBsonValue, status)) {
1395
+ goto fail;
1396
+ }
1397
+
1398
+ // Start the token derivations
1399
+ if (!_get_tokenKey(kb, indexKeyId, &common.tokenKey, status)) {
1400
+ goto fail;
1401
+ }
1402
+
1403
+ common.collectionsLevel1Token = mc_CollectionsLevel1Token_new(crypto, &common.tokenKey, status);
1404
+ if (!common.collectionsLevel1Token) {
1405
+ CLIENT_ERR("unable to derive collectionLevel1Token");
1406
+ goto fail;
1243
1407
  }
1244
- // Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
1245
- // not used for FLE2InsertUpdatePayloadV2.
1246
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayloadV2;
1247
1408
 
1409
+ common.serverTokenDerivationLevel1Token = mc_ServerTokenDerivationLevel1Token_new(crypto, &common.tokenKey, status);
1410
+ if (!common.serverTokenDerivationLevel1Token) {
1411
+ CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
1412
+ goto fail;
1413
+ }
1414
+
1415
+ if (spec->substr.set) {
1416
+ if (!_fle2_generate_TextSubstringFindTokenSet(kb,
1417
+ &out->substring.value,
1418
+ &asBsonValue,
1419
+ common.collectionsLevel1Token,
1420
+ common.serverTokenDerivationLevel1Token,
1421
+ status)) {
1422
+ goto fail;
1423
+ }
1424
+ out->substring.set = true;
1425
+ } else if (spec->suffix.set) {
1426
+ if (!_fle2_generate_TextSuffixFindTokenSet(kb,
1427
+ &out->suffix.value,
1428
+ &asBsonValue,
1429
+ common.collectionsLevel1Token,
1430
+ common.serverTokenDerivationLevel1Token,
1431
+ status)) {
1432
+ goto fail;
1433
+ }
1434
+ out->suffix.set = true;
1435
+
1436
+ } else if (spec->prefix.set) {
1437
+ if (!_fle2_generate_TextPrefixFindTokenSet(kb,
1438
+ &out->prefix.value,
1439
+ &asBsonValue,
1440
+ common.collectionsLevel1Token,
1441
+ common.serverTokenDerivationLevel1Token,
1442
+ status)) {
1443
+ goto fail;
1444
+ }
1445
+ out->prefix.set = true;
1446
+ } else {
1447
+ if (!_fle2_generate_TextExactFindTokenSet(kb,
1448
+ &out->exact.value,
1449
+ &asBsonValue,
1450
+ common.collectionsLevel1Token,
1451
+ common.serverTokenDerivationLevel1Token,
1452
+ status)) {
1453
+ goto fail;
1454
+ }
1455
+ out->exact.set = true;
1456
+ }
1248
1457
  res = true;
1249
1458
  fail:
1250
- mc_edges_destroy(edges);
1251
- mc_FLE2InsertUpdatePayloadV2_cleanup(&payload);
1459
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1252
1460
  _FLE2EncryptedPayloadCommon_cleanup(&common);
1253
-
1254
1461
  return res;
1255
1462
  }
1256
1463
 
1257
1464
  /**
1258
- * Payload subtype 5: FLE2FindEqualityPayload
1465
+ * Payload subtype 11: FLE2InsertUpdatePayloadV2 for text search inserts/updates
1259
1466
  *
1260
- * {d: EDC, s: ESC, c: ECC, e: serverToken, cm: maxContentionFactor}
1467
+ * {v: value, u: indexKeyId, t: valueType, k: contentionFactor, e: serverToken,
1468
+ * b: { e: {d: EDC_exact, s: ESC_exact, l: svrDFDToken_exact, p: encToken_exact},
1469
+ * s: [{d: EDC_substr, s: ESC_substr, l: svrDFDToken_substr, p: encToken_substr}, ...]
1470
+ * u: [{d: EDC_suffix, s: ESC_suffix, l: svrDFDToken_suffix, p: encToken_suffix}, ...]
1471
+ * p: [{d: EDC_prefix, s: ESC_prefix, l: svrDFDToken_prefix, p: encToken_prefix}, ...]
1472
+ * },
1473
+ * d: bogusToken, s: bogusToken, l: bogusToken, p: bogusCiphertext
1474
+ * }
1261
1475
  */
1262
- static bool _mongocrypt_fle2_placeholder_to_find_ciphertext_v1(_mongocrypt_key_broker_t *kb,
1263
- _mongocrypt_marking_t *marking,
1264
- _mongocrypt_ciphertext_t *ciphertext,
1265
- mongocrypt_status_t *status) {
1476
+ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForTextSearch(_mongocrypt_key_broker_t *kb,
1477
+ _mongocrypt_marking_t *marking,
1478
+ _mongocrypt_ciphertext_t *ciphertext,
1479
+ mongocrypt_status_t *status) {
1266
1480
  BSON_ASSERT_PARAM(kb);
1267
1481
  BSON_ASSERT_PARAM(marking);
1268
1482
  BSON_ASSERT_PARAM(ciphertext);
1483
+ BSON_ASSERT(kb->crypt);
1484
+ BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1485
+
1486
+ mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->u.fle2;
1487
+ BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT);
1488
+ BSON_ASSERT(placeholder->algorithm == MONGOCRYPT_FLE2_ALGORITHM_TEXT_SEARCH);
1269
1489
 
1270
1490
  _FLE2EncryptedPayloadCommon_t common = {{0}};
1491
+ mc_FLE2InsertUpdatePayloadV2_t payload;
1492
+ mc_FLE2InsertUpdatePayloadV2_init(&payload);
1493
+
1271
1494
  _mongocrypt_buffer_t value = {0};
1272
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1273
- mc_FLE2FindEqualityPayload_t payload;
1274
1495
  bool res = false;
1275
1496
 
1276
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
1277
- BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1278
- BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND);
1279
- _mongocrypt_buffer_init(&value);
1280
- mc_FLE2FindEqualityPayload_init(&payload);
1497
+ mc_FLE2TextSearchInsertSpec_t insertSpec;
1498
+ if (!mc_FLE2TextSearchInsertSpec_parse(&insertSpec, &placeholder->v_iter, status)) {
1499
+ goto fail;
1500
+ }
1281
1501
 
1282
- _mongocrypt_buffer_from_iter(&value, &placeholder->v_iter);
1502
+ // One of substr/suffix/prefix must be set for inserts
1503
+ if (!(insertSpec.substr.set || insertSpec.suffix.set || insertSpec.prefix.set)) {
1504
+ CLIENT_ERR("FLE2TextSearchInsertSpec is missing a substring, suffix, or prefix index specification");
1505
+ goto fail;
1506
+ }
1507
+
1508
+ // t
1509
+ payload.valueType = BSON_TYPE_UTF8;
1510
+
1511
+ // k
1512
+ payload.contentionFactor = 0;
1513
+ if (placeholder->maxContentionFactor > 0) {
1514
+ /* Choose a random contentionFactor in the inclusive range [0,
1515
+ * placeholder->maxContentionFactor] */
1516
+ if (!_mongocrypt_random_int64(kb->crypt->crypto,
1517
+ placeholder->maxContentionFactor + 1,
1518
+ &payload.contentionFactor,
1519
+ status)) {
1520
+ goto fail;
1521
+ }
1522
+ }
1523
+
1524
+ // u
1525
+ _mongocrypt_buffer_copy_to(&placeholder->index_key_id, &payload.indexKeyId);
1283
1526
 
1527
+ _mongocrypt_buffer_from_iter(&value, &insertSpec.v_iter);
1284
1528
  if (!_mongocrypt_fle2_placeholder_common(kb,
1285
1529
  &common,
1286
1530
  &placeholder->index_key_id,
1287
1531
  &value,
1288
- false, /* derive tokens without contentionFactor */
1289
- placeholder->maxContentionFactor, /* ignored */
1532
+ true, /* derive tokens using contentionFactor */
1533
+ payload.contentionFactor,
1290
1534
  status)) {
1291
1535
  goto fail;
1292
1536
  }
1293
1537
 
1294
- // d := EDCDerivedToken
1295
- _mongocrypt_buffer_steal(&payload.edcDerivedToken, &common.edcDerivedToken);
1296
- // s := ESCDerivedToken
1297
- _mongocrypt_buffer_steal(&payload.escDerivedToken, &common.escDerivedToken);
1298
- // c := ECCDerivedToken
1299
- _mongocrypt_buffer_steal(&payload.eccDerivedToken, &common.eccDerivedToken);
1538
+ // (d, s, l) are never used for text search, so just set these to bogus buffers of
1539
+ // correct length.
1540
+ BSON_ASSERT(_mongocrypt_buffer_steal_from_data_and_size(&payload.edcDerivedToken,
1541
+ bson_malloc0(MONGOCRYPT_HMAC_SHA256_LEN),
1542
+ MONGOCRYPT_HMAC_SHA256_LEN));
1543
+ _mongocrypt_buffer_copy_to(&payload.edcDerivedToken, &payload.escDerivedToken);
1544
+ _mongocrypt_buffer_copy_to(&payload.edcDerivedToken, &payload.serverDerivedFromDataToken);
1545
+
1546
+ // p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor)
1547
+ // Since p is never used for text search, this just sets p to a bogus ciphertext of
1548
+ // the correct length.
1549
+ if (!_fle2_derive_encrypted_token(kb->crypt->crypto,
1550
+ &payload.encryptedTokens,
1551
+ false,
1552
+ common.collectionsLevel1Token,
1553
+ &payload.escDerivedToken, // bogus
1554
+ NULL, // unused in FLE2v2
1555
+ (mc_optional_bool_t){0},
1556
+ status)) {
1557
+ goto fail;
1558
+ }
1300
1559
 
1560
+ // v := UserKeyId + EncryptCBCAEAD(UserKey, value)
1561
+ {
1562
+ _mongocrypt_buffer_t ciphertext = {0};
1563
+ if (!_fle2_placeholder_aes_aead_encrypt(kb,
1564
+ _mcFLE2v2AEADAlgorithm(),
1565
+ &ciphertext,
1566
+ &placeholder->user_key_id,
1567
+ &value,
1568
+ status)) {
1569
+ goto fail;
1570
+ }
1571
+ const _mongocrypt_buffer_t v[2] = {placeholder->user_key_id, ciphertext};
1572
+ const bool ok = _mongocrypt_buffer_concat(&payload.value, v, 2);
1573
+ _mongocrypt_buffer_cleanup(&ciphertext);
1574
+ if (!ok) {
1575
+ goto fail;
1576
+ }
1577
+ }
1301
1578
  // e := ServerDataEncryptionLevel1Token
1302
1579
  _mongocrypt_buffer_copy_to(mc_ServerDataEncryptionLevel1Token_get(common.serverDataEncryptionLevel1Token),
1303
1580
  &payload.serverEncryptionToken);
1304
1581
 
1305
- payload.maxContentionFactor = placeholder->maxContentionFactor;
1582
+ // b
1583
+ if (!_fle2_generate_TextSearchTokenSets(kb,
1584
+ &payload,
1585
+ &placeholder->index_key_id,
1586
+ &insertSpec,
1587
+ payload.contentionFactor,
1588
+ status)) {
1589
+ goto fail;
1590
+ }
1306
1591
 
1307
1592
  {
1308
1593
  bson_t out;
1309
1594
  bson_init(&out);
1310
- mc_FLE2FindEqualityPayload_serialize(&payload, &out);
1595
+ mc_FLE2InsertUpdatePayloadV2_serializeForTextSearch(&payload, &out);
1311
1596
  _mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
1312
1597
  }
1313
1598
  // Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
1314
- // not used for FLE2FindEqualityPayload.
1315
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2FindEqualityPayload;
1599
+ // not used for FLE2InsertUpdatePayloadV2.
1600
+ ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayloadV2;
1316
1601
 
1317
1602
  res = true;
1318
1603
  fail:
1319
- mc_FLE2FindEqualityPayload_cleanup(&payload);
1604
+ mc_FLE2InsertUpdatePayloadV2_cleanup(&payload);
1320
1605
  _mongocrypt_buffer_cleanup(&value);
1321
1606
  _FLE2EncryptedPayloadCommon_cleanup(&common);
1322
-
1323
1607
  return res;
1324
1608
  }
1325
1609
 
1326
1610
  /**
1327
1611
  * Payload subtype 12: FLE2FindEqualityPayloadV2
1328
- * Delegates to ..._find_ciphertext_v1 when crypt->opts.use_fle2_v2 == false.
1329
1612
  *
1330
1613
  * {d: EDC, s: ESC, l: serverDerivedFromDataToken, cm: maxContentionFactor}
1331
1614
  */
@@ -1337,13 +1620,9 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertext(_mongocrypt_key_brok
1337
1620
  BSON_ASSERT_PARAM(marking);
1338
1621
  BSON_ASSERT_PARAM(ciphertext);
1339
1622
 
1340
- if (kb->crypt->opts.use_fle2_v2 == false) {
1341
- return _mongocrypt_fle2_placeholder_to_find_ciphertext_v1(kb, marking, ciphertext, status);
1342
- }
1343
-
1344
1623
  _FLE2EncryptedPayloadCommon_t common = {{0}};
1345
1624
  _mongocrypt_buffer_t value = {0};
1346
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1625
+ mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->u.fle2;
1347
1626
  mc_FLE2FindEqualityPayloadV2_t payload;
1348
1627
  bool res = false;
1349
1628
 
@@ -1401,10 +1680,8 @@ static bool isInfinite(bson_iter_t *iter) {
1401
1680
 
1402
1681
  // mc_get_mincover_from_FLE2RangeFindSpec creates and returns a mincover from an
1403
1682
  // FLE2RangeFindSpec. Returns NULL on error.
1404
- mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *findSpec,
1405
- size_t sparsity,
1406
- mongocrypt_status_t *status,
1407
- bool use_range_v2) {
1683
+ mc_mincover_t *
1684
+ mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *findSpec, size_t sparsity, mongocrypt_status_t *status) {
1408
1685
  BSON_ASSERT_PARAM(findSpec);
1409
1686
  BSON_ASSERT(findSpec->edgesInfo.set);
1410
1687
 
@@ -1465,8 +1742,7 @@ mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *fi
1465
1742
  .max = OPT_I32(bson_iter_int32(&findSpec->edgesInfo.value.indexMax)),
1466
1743
  .sparsity = sparsity,
1467
1744
  .trimFactor = findSpec->edgesInfo.value.trimFactor},
1468
- status,
1469
- use_range_v2);
1745
+ status);
1470
1746
 
1471
1747
  case BSON_TYPE_INT64:
1472
1748
  BSON_ASSERT(bson_iter_type(&lowerBound) == BSON_TYPE_INT64);
@@ -1482,8 +1758,7 @@ mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *fi
1482
1758
  .max = OPT_I64(bson_iter_int64(&findSpec->edgesInfo.value.indexMax)),
1483
1759
  .sparsity = sparsity,
1484
1760
  .trimFactor = findSpec->edgesInfo.value.trimFactor},
1485
- status,
1486
- use_range_v2);
1761
+ status);
1487
1762
  case BSON_TYPE_DATE_TIME:
1488
1763
  BSON_ASSERT(bson_iter_type(&lowerBound) == BSON_TYPE_DATE_TIME);
1489
1764
  BSON_ASSERT(bson_iter_type(&upperBound) == BSON_TYPE_DATE_TIME);
@@ -1498,8 +1773,7 @@ mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *fi
1498
1773
  .max = OPT_I64(bson_iter_date_time(&findSpec->edgesInfo.value.indexMax)),
1499
1774
  .sparsity = sparsity,
1500
1775
  .trimFactor = findSpec->edgesInfo.value.trimFactor},
1501
- status,
1502
- use_range_v2);
1776
+ status);
1503
1777
  case BSON_TYPE_DOUBLE: {
1504
1778
  BSON_ASSERT(bson_iter_type(&lowerBound) == BSON_TYPE_DOUBLE);
1505
1779
  BSON_ASSERT(bson_iter_type(&upperBound) == BSON_TYPE_DOUBLE);
@@ -1520,10 +1794,10 @@ mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *fi
1520
1794
  args.max = OPT_DOUBLE(bson_iter_double(&findSpec->edgesInfo.value.indexMax));
1521
1795
  args.precision = findSpec->edgesInfo.value.precision;
1522
1796
  }
1523
- return mc_getMincoverDouble(args, status, use_range_v2);
1797
+ return mc_getMincoverDouble(args, status);
1524
1798
  }
1525
1799
  case BSON_TYPE_DECIMAL128: {
1526
- #if MONGOCRYPT_HAVE_DECIMAL128_SUPPORT
1800
+ #if MONGOCRYPT_HAVE_DECIMAL128_SUPPORT()
1527
1801
  BSON_ASSERT(bson_iter_type(&lowerBound) == BSON_TYPE_DECIMAL128);
1528
1802
  BSON_ASSERT(bson_iter_type(&upperBound) == BSON_TYPE_DECIMAL128);
1529
1803
  BSON_ASSERT(bson_iter_type(&findSpec->edgesInfo.value.indexMin) == BSON_TYPE_DECIMAL128);
@@ -1540,7 +1814,7 @@ mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *fi
1540
1814
  args.max = OPT_MC_DEC128(mc_dec128_from_bson_iter(&findSpec->edgesInfo.value.indexMax));
1541
1815
  args.precision = findSpec->edgesInfo.value.precision;
1542
1816
  }
1543
- return mc_getMincoverDecimal128(args, status, use_range_v2);
1817
+ return mc_getMincoverDecimal128(args, status);
1544
1818
  #else // ↑↑↑↑↑↑↑↑ With Decimal128 / Without ↓↓↓↓↓↓↓↓↓↓
1545
1819
  CLIENT_ERR("FLE2 find is not supported for Decimal128: libmongocrypt "
1546
1820
  "was built without Decimal128 support");
@@ -1570,39 +1844,35 @@ mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *fi
1570
1844
  }
1571
1845
 
1572
1846
  /**
1573
- * Payload subtype 10: FLE2FindRangePayload
1847
+ * Payload subtype 13: FLE2FindRangePayloadV2
1574
1848
  *
1575
- * {e: serverToken, cm: maxContentionFactor,
1576
- * g: [{d: EDC, s: ESC, c: ECC}, ...]}
1849
+ * {cm: maxContentionFactor,
1850
+ * g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken}, ...]}
1577
1851
  */
1578
- static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(_mongocrypt_key_broker_t *kb,
1579
- _mongocrypt_marking_t *marking,
1580
- _mongocrypt_ciphertext_t *ciphertext,
1581
- mongocrypt_status_t *status) {
1852
+ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange(_mongocrypt_key_broker_t *kb,
1853
+ _mongocrypt_marking_t *marking,
1854
+ _mongocrypt_ciphertext_t *ciphertext,
1855
+ mongocrypt_status_t *status) {
1582
1856
  BSON_ASSERT_PARAM(kb);
1583
1857
  BSON_ASSERT_PARAM(marking);
1584
1858
  BSON_ASSERT_PARAM(ciphertext);
1585
- BSON_ASSERT(kb->crypt);
1586
1859
 
1587
- const bool use_range_v2 = kb->crypt->opts.use_range_v2;
1588
- _mongocrypt_crypto_t *crypto = kb->crypt->crypto;
1589
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1590
- mc_FLE2FindRangePayload_t payload;
1860
+ mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->u.fle2;
1861
+ mc_FLE2FindRangePayloadV2_t payload;
1591
1862
  bool res = false;
1592
1863
  mc_mincover_t *mincover = NULL;
1593
1864
  _mongocrypt_buffer_t tokenKey = {0};
1594
1865
 
1595
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
1596
1866
  BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1597
1867
  BSON_ASSERT(placeholder);
1598
1868
  BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND);
1599
1869
  BSON_ASSERT(placeholder->algorithm == MONGOCRYPT_FLE2_ALGORITHM_RANGE);
1600
- mc_FLE2FindRangePayload_init(&payload);
1870
+ mc_FLE2FindRangePayloadV2_init(&payload);
1601
1871
 
1602
1872
  // Parse the query bounds and index bounds from FLE2EncryptionPlaceholder for
1603
1873
  // range find.
1604
1874
  mc_FLE2RangeFindSpec_t findSpec;
1605
- if (!mc_FLE2RangeFindSpec_parse(&findSpec, &placeholder->v_iter, use_range_v2, status)) {
1875
+ if (!mc_FLE2RangeFindSpec_parse(&findSpec, &placeholder->v_iter, status)) {
1606
1876
  goto fail;
1607
1877
  }
1608
1878
 
@@ -1610,27 +1880,10 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(_mongocry
1610
1880
  // cm := Queryable Encryption max contentionFactor
1611
1881
  payload.payload.value.maxContentionFactor = placeholder->maxContentionFactor;
1612
1882
 
1613
- // e := ServerDataEncryptionLevel1Token
1614
- {
1615
- if (!_get_tokenKey(kb, &placeholder->index_key_id, &tokenKey, status)) {
1616
- goto fail;
1617
- }
1618
-
1619
- mc_ServerDataEncryptionLevel1Token_t *serverToken =
1620
- mc_ServerDataEncryptionLevel1Token_new(crypto, &tokenKey, status);
1621
- if (!serverToken) {
1622
- goto fail;
1623
- }
1624
- _mongocrypt_buffer_copy_to(mc_ServerDataEncryptionLevel1Token_get(serverToken),
1625
- &payload.payload.value.serverEncryptionToken);
1626
- mc_ServerDataEncryptionLevel1Token_destroy(serverToken);
1627
- }
1628
-
1629
1883
  // g:= array<EdgeFindTokenSet>
1630
1884
  {
1631
1885
  BSON_ASSERT(placeholder->sparsity >= 0 && (uint64_t)placeholder->sparsity <= (uint64_t)SIZE_MAX);
1632
- mincover =
1633
- mc_get_mincover_from_FLE2RangeFindSpec(&findSpec, (size_t)placeholder->sparsity, status, use_range_v2);
1886
+ mincover = mc_get_mincover_from_FLE2RangeFindSpec(&findSpec, (size_t)placeholder->sparsity, status);
1634
1887
  if (!mincover) {
1635
1888
  goto fail;
1636
1889
  }
@@ -1641,7 +1894,7 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(_mongocry
1641
1894
  const char *edge = mc_mincover_get(mincover, i);
1642
1895
  _mongocrypt_buffer_t edge_buf = {0};
1643
1896
  _FLE2EncryptedPayloadCommon_t edge_tokens = {{0}};
1644
- mc_EdgeFindTokenSet_t eftc = {{0}};
1897
+ mc_EdgeFindTokenSetV2_t eftc = {{0}};
1645
1898
 
1646
1899
  if (!_mongocrypt_buffer_from_string(&edge_buf, edge)) {
1647
1900
  CLIENT_ERR("failed to copy edge to buffer");
@@ -1652,7 +1905,7 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(_mongocry
1652
1905
  &edge_tokens,
1653
1906
  &placeholder->index_key_id,
1654
1907
  &edge_buf,
1655
- false, /* derive tokens using contentionFactor */
1908
+ false, /* derive tokens without using contentionFactor */
1656
1909
  placeholder->maxContentionFactor, /* ignored */
1657
1910
  status)) {
1658
1911
  goto fail_loop;
@@ -1662,8 +1915,9 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(_mongocry
1662
1915
  _mongocrypt_buffer_steal(&eftc.edcDerivedToken, &edge_tokens.edcDerivedToken);
1663
1916
  // s := ESCDerivedToken
1664
1917
  _mongocrypt_buffer_steal(&eftc.escDerivedToken, &edge_tokens.escDerivedToken);
1665
- // c := ECCDerivedToken
1666
- _mongocrypt_buffer_steal(&eftc.eccDerivedToken, &edge_tokens.eccDerivedToken);
1918
+
1919
+ // l := serverDerivedFromDataToken
1920
+ _mongocrypt_buffer_steal(&eftc.serverDerivedFromDataToken, &edge_tokens.serverDerivedFromDataToken);
1667
1921
 
1668
1922
  _mc_array_append_val(&payload.payload.value.edgeFindTokenSetArray, eftc);
1669
1923
 
@@ -1677,6 +1931,13 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(_mongocry
1677
1931
  }
1678
1932
  }
1679
1933
  payload.payload.set = true;
1934
+
1935
+ // Include "range" payload fields introduced in SERVER-91889.
1936
+ payload.sparsity = OPT_I64(placeholder->sparsity);
1937
+ payload.precision = findSpec.edgesInfo.value.precision;
1938
+ payload.trimFactor = OPT_I32(mc_mincover_get_used_trimFactor(mincover));
1939
+ bson_value_copy(bson_iter_value(&findSpec.edgesInfo.value.indexMin), &payload.indexMin);
1940
+ bson_value_copy(bson_iter_value(&findSpec.edgesInfo.value.indexMax), &payload.indexMax);
1680
1941
  }
1681
1942
 
1682
1943
  payload.payloadId = findSpec.payloadId;
@@ -1686,153 +1947,80 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(_mongocry
1686
1947
  // Serialize.
1687
1948
  {
1688
1949
  bson_t out = BSON_INITIALIZER;
1689
- mc_FLE2FindRangePayload_serialize(&payload, &out);
1950
+ mc_FLE2FindRangePayloadV2_serialize(&payload, &out);
1690
1951
  _mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
1691
1952
  }
1692
1953
  _mongocrypt_buffer_steal(&ciphertext->key_id, &placeholder->index_key_id);
1693
1954
 
1694
1955
  // Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
1695
- // not used for FLE2FindRangePayload.
1696
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2FindRangePayload;
1956
+ // not used for FLE2FindRangePayloadV2.
1957
+ ciphertext->blob_subtype = MC_SUBTYPE_FLE2FindRangePayloadV2;
1697
1958
 
1698
1959
  res = true;
1699
1960
  fail:
1700
1961
  mc_mincover_destroy(mincover);
1701
- mc_FLE2FindRangePayload_cleanup(&payload);
1962
+ mc_FLE2FindRangePayloadV2_cleanup(&payload);
1702
1963
  _mongocrypt_buffer_cleanup(&tokenKey);
1703
1964
 
1704
1965
  return res;
1705
1966
  }
1706
1967
 
1707
- /**
1708
- * Payload subtype 13: FLE2FindRangePayloadV2
1709
- * Delegates to ..._find_ciphertextForRange_v1
1710
- * when crypt->opts.use_fle2_v2 is false
1711
- *
1712
- * {cm: maxContentionFactor,
1713
- * g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken}, ...]}
1714
- */
1715
- static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange(_mongocrypt_key_broker_t *kb,
1716
- _mongocrypt_marking_t *marking,
1717
- _mongocrypt_ciphertext_t *ciphertext,
1718
- mongocrypt_status_t *status) {
1968
+ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForTextSearch(_mongocrypt_key_broker_t *kb,
1969
+ _mongocrypt_marking_t *marking,
1970
+ _mongocrypt_ciphertext_t *ciphertext,
1971
+ mongocrypt_status_t *status) {
1719
1972
  BSON_ASSERT_PARAM(kb);
1720
1973
  BSON_ASSERT_PARAM(marking);
1721
1974
  BSON_ASSERT_PARAM(ciphertext);
1975
+ BSON_ASSERT(kb->crypt);
1976
+ BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1722
1977
 
1723
- if (kb->crypt->opts.use_fle2_v2 == false) {
1724
- return _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(kb, marking, ciphertext, status);
1725
- }
1726
-
1727
- const bool use_range_v2 = kb->crypt->opts.use_range_v2;
1728
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1729
- mc_FLE2FindRangePayloadV2_t payload;
1730
1978
  bool res = false;
1731
- mc_mincover_t *mincover = NULL;
1732
- _mongocrypt_buffer_t tokenKey = {0};
1733
-
1734
- BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1735
- BSON_ASSERT(placeholder);
1979
+ mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->u.fle2;
1736
1980
  BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND);
1737
- BSON_ASSERT(placeholder->algorithm == MONGOCRYPT_FLE2_ALGORITHM_RANGE);
1738
- mc_FLE2FindRangePayloadV2_init(&payload);
1981
+ BSON_ASSERT(placeholder->algorithm == MONGOCRYPT_FLE2_ALGORITHM_TEXT_SEARCH);
1739
1982
 
1740
- // Parse the query bounds and index bounds from FLE2EncryptionPlaceholder for
1741
- // range find.
1742
- mc_FLE2RangeFindSpec_t findSpec;
1743
- if (!mc_FLE2RangeFindSpec_parse(&findSpec, &placeholder->v_iter, use_range_v2, status)) {
1983
+ mc_FLE2FindTextPayload_t payload;
1984
+ mc_FLE2FindTextPayload_init(&payload);
1985
+
1986
+ mc_FLE2TextSearchInsertSpec_t spec;
1987
+ if (!mc_FLE2TextSearchInsertSpec_parse(&spec, &placeholder->v_iter, status)) {
1744
1988
  goto fail;
1745
1989
  }
1746
1990
 
1747
- if (findSpec.edgesInfo.set) {
1748
- // cm := Queryable Encryption max contentionFactor
1749
- payload.payload.value.maxContentionFactor = placeholder->maxContentionFactor;
1750
-
1751
- // g:= array<EdgeFindTokenSet>
1752
- {
1753
- BSON_ASSERT(placeholder->sparsity >= 0 && (uint64_t)placeholder->sparsity <= (uint64_t)SIZE_MAX);
1754
- mincover =
1755
- mc_get_mincover_from_FLE2RangeFindSpec(&findSpec, (size_t)placeholder->sparsity, status, use_range_v2);
1756
- if (!mincover) {
1757
- goto fail;
1758
- }
1759
-
1760
- for (size_t i = 0; i < mc_mincover_len(mincover); i++) {
1761
- // Create a EdgeFindTokenSet from each edge.
1762
- bool loop_ok = false;
1763
- const char *edge = mc_mincover_get(mincover, i);
1764
- _mongocrypt_buffer_t edge_buf = {0};
1765
- _FLE2EncryptedPayloadCommon_t edge_tokens = {{0}};
1766
- mc_EdgeFindTokenSetV2_t eftc = {{0}};
1767
-
1768
- if (!_mongocrypt_buffer_from_string(&edge_buf, edge)) {
1769
- CLIENT_ERR("failed to copy edge to buffer");
1770
- goto fail_loop;
1771
- }
1772
-
1773
- if (!_mongocrypt_fle2_placeholder_common(kb,
1774
- &edge_tokens,
1775
- &placeholder->index_key_id,
1776
- &edge_buf,
1777
- false, /* derive tokens without using contentionFactor */
1778
- placeholder->maxContentionFactor, /* ignored */
1779
- status)) {
1780
- goto fail_loop;
1781
- }
1782
-
1783
- // d := EDCDerivedToken
1784
- _mongocrypt_buffer_steal(&eftc.edcDerivedToken, &edge_tokens.edcDerivedToken);
1785
- // s := ESCDerivedToken
1786
- _mongocrypt_buffer_steal(&eftc.escDerivedToken, &edge_tokens.escDerivedToken);
1787
-
1788
- // l := serverDerivedFromDataToken
1789
- _mongocrypt_buffer_steal(&eftc.serverDerivedFromDataToken, &edge_tokens.serverDerivedFromDataToken);
1790
-
1791
- _mc_array_append_val(&payload.payload.value.edgeFindTokenSetArray, eftc);
1792
-
1793
- loop_ok = true;
1794
- fail_loop:
1795
- _FLE2EncryptedPayloadCommon_cleanup(&edge_tokens);
1796
- _mongocrypt_buffer_cleanup(&edge_buf);
1797
- if (!loop_ok) {
1798
- goto fail;
1799
- }
1800
- }
1801
- }
1802
- payload.payload.set = true;
1803
-
1804
- if (use_range_v2) {
1805
- // Include "range" payload fields introduced in SERVER-91889.
1806
- payload.sparsity = OPT_I64(placeholder->sparsity);
1807
- payload.precision = findSpec.edgesInfo.value.precision;
1808
- payload.trimFactor = OPT_I32(mc_mincover_get_used_trimFactor(mincover));
1809
- bson_value_copy(bson_iter_value(&findSpec.edgesInfo.value.indexMin), &payload.indexMin);
1810
- bson_value_copy(bson_iter_value(&findSpec.edgesInfo.value.indexMax), &payload.indexMax);
1811
- }
1991
+ if (!_fle2_generate_TextSearchFindTokenSets(kb, &payload.tokenSets, &placeholder->index_key_id, &spec, status)) {
1992
+ goto fail;
1812
1993
  }
1813
1994
 
1814
- payload.payloadId = findSpec.payloadId;
1815
- payload.firstOperator = findSpec.firstOperator;
1816
- payload.secondOperator = findSpec.secondOperator;
1995
+ payload.caseFold = spec.casef;
1996
+ payload.diacriticFold = spec.diacf;
1997
+ payload.maxContentionFactor = placeholder->maxContentionFactor;
1998
+ if (spec.substr.set) {
1999
+ payload.substringSpec.set = true;
2000
+ payload.substringSpec.value = spec.substr.value;
2001
+ } else if (spec.suffix.set) {
2002
+ payload.suffixSpec.set = true;
2003
+ payload.suffixSpec.value = spec.suffix.value;
2004
+ } else if (spec.prefix.set) {
2005
+ payload.prefixSpec.set = true;
2006
+ payload.prefixSpec.value = spec.prefix.value;
2007
+ }
1817
2008
 
1818
2009
  // Serialize.
1819
2010
  {
1820
2011
  bson_t out = BSON_INITIALIZER;
1821
- mc_FLE2FindRangePayloadV2_serialize(&payload, &out, use_range_v2);
2012
+ mc_FLE2FindTextPayload_serialize(&payload, &out);
1822
2013
  _mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
1823
2014
  }
1824
- _mongocrypt_buffer_steal(&ciphertext->key_id, &placeholder->index_key_id);
1825
2015
 
1826
2016
  // Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
1827
- // not used for FLE2FindRangePayloadV2.
1828
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2FindRangePayloadV2;
2017
+ // not used for FLE2FindTextPayload.
2018
+ ciphertext->blob_subtype = MC_SUBTYPE_FLE2FindTextPayload;
1829
2019
 
1830
2020
  res = true;
1831
- fail:
1832
- mc_mincover_destroy(mincover);
1833
- mc_FLE2FindRangePayloadV2_cleanup(&payload);
1834
- _mongocrypt_buffer_cleanup(&tokenKey);
1835
2021
 
2022
+ fail:
2023
+ mc_FLE2FindTextPayload_cleanup(&payload);
1836
2024
  return res;
1837
2025
  }
1838
2026
 
@@ -1845,7 +2033,7 @@ static bool _mongocrypt_fle2_placeholder_to_FLE2UnindexedEncryptedValue(_mongocr
1845
2033
  BSON_ASSERT_PARAM(ciphertext);
1846
2034
 
1847
2035
  _mongocrypt_buffer_t plaintext = {0};
1848
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
2036
+ mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->u.fle2;
1849
2037
  _mongocrypt_buffer_t user_key = {0};
1850
2038
  bool res = false;
1851
2039
 
@@ -1860,25 +2048,14 @@ static bool _mongocrypt_fle2_placeholder_to_FLE2UnindexedEncryptedValue(_mongocr
1860
2048
  }
1861
2049
 
1862
2050
  BSON_ASSERT(kb->crypt);
1863
- if (kb->crypt->opts.use_fle2_v2) {
1864
- res = mc_FLE2UnindexedEncryptedValueV2_encrypt(kb->crypt->crypto,
1865
- &placeholder->user_key_id,
1866
- bson_iter_type(&placeholder->v_iter),
1867
- &plaintext,
1868
- &user_key,
1869
- &ciphertext->data,
1870
- status);
1871
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2UnindexedEncryptedValueV2;
1872
- } else {
1873
- res = mc_FLE2UnindexedEncryptedValue_encrypt(kb->crypt->crypto,
1874
- &placeholder->user_key_id,
1875
- bson_iter_type(&placeholder->v_iter),
1876
- &plaintext,
1877
- &user_key,
1878
- &ciphertext->data,
1879
- status);
1880
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2UnindexedEncryptedValue;
1881
- }
2051
+ res = mc_FLE2UnindexedEncryptedValueV2_encrypt(kb->crypt->crypto,
2052
+ &placeholder->user_key_id,
2053
+ bson_iter_type(&placeholder->v_iter),
2054
+ &plaintext,
2055
+ &user_key,
2056
+ &ciphertext->data,
2057
+ status);
2058
+ ciphertext->blob_subtype = MC_SUBTYPE_FLE2UnindexedEncryptedValueV2;
1882
2059
 
1883
2060
  if (!res) {
1884
2061
  goto fail;
@@ -1922,12 +2099,13 @@ static bool _mongocrypt_fle1_marking_to_ciphertext(_mongocrypt_key_broker_t *kb,
1922
2099
  _mongocrypt_buffer_init(&key_id);
1923
2100
  _mongocrypt_buffer_init(&key_material);
1924
2101
 
1925
- /* Get the decrypted key for this marking. */
2102
+ /* Get the decrypted key for this marking.u.fle1. */
1926
2103
  if (marking->type == MONGOCRYPT_MARKING_FLE1_BY_ALTNAME) {
1927
- key_found = _mongocrypt_key_broker_decrypted_key_by_name(kb, &marking->key_alt_name, &key_material, &key_id);
1928
- } else if (!_mongocrypt_buffer_empty(&marking->key_id)) {
1929
- key_found = _mongocrypt_key_broker_decrypted_key_by_id(kb, &marking->key_id, &key_material);
1930
- _mongocrypt_buffer_copy_to(&marking->key_id, &key_id);
2104
+ key_found =
2105
+ _mongocrypt_key_broker_decrypted_key_by_name(kb, &marking->u.fle1.key_alt_name, &key_material, &key_id);
2106
+ } else if (!_mongocrypt_buffer_empty(&marking->u.fle1.key_id)) {
2107
+ key_found = _mongocrypt_key_broker_decrypted_key_by_id(kb, &marking->u.fle1.key_id, &key_material);
2108
+ _mongocrypt_buffer_copy_to(&marking->u.fle1.key_id, &key_id);
1931
2109
  } else {
1932
2110
  CLIENT_ERR("marking must have either key_id or key_alt_name");
1933
2111
  goto fail;
@@ -1938,11 +2116,11 @@ static bool _mongocrypt_fle1_marking_to_ciphertext(_mongocrypt_key_broker_t *kb,
1938
2116
  goto fail;
1939
2117
  }
1940
2118
 
1941
- ciphertext->original_bson_type = (uint8_t)bson_iter_type(&marking->v_iter);
1942
- if (marking->algorithm == MONGOCRYPT_ENCRYPTION_ALGORITHM_DETERMINISTIC) {
2119
+ ciphertext->original_bson_type = (uint8_t)bson_iter_type(&marking->u.fle1.v_iter);
2120
+ if (marking->u.fle1.algorithm == MONGOCRYPT_ENCRYPTION_ALGORITHM_DETERMINISTIC) {
1943
2121
  ciphertext->blob_subtype = MC_SUBTYPE_FLE1DeterministicEncryptedValue;
1944
2122
  } else {
1945
- BSON_ASSERT(marking->algorithm == MONGOCRYPT_ENCRYPTION_ALGORITHM_RANDOM);
2123
+ BSON_ASSERT(marking->u.fle1.algorithm == MONGOCRYPT_ENCRYPTION_ALGORITHM_RANDOM);
1946
2124
  ciphertext->blob_subtype = MC_SUBTYPE_FLE1RandomEncryptedValue;
1947
2125
  }
1948
2126
  _mongocrypt_buffer_copy_to(&key_id, &ciphertext->key_id);
@@ -1951,7 +2129,7 @@ static bool _mongocrypt_fle1_marking_to_ciphertext(_mongocrypt_key_broker_t *kb,
1951
2129
  goto fail;
1952
2130
  }
1953
2131
 
1954
- _mongocrypt_buffer_from_iter(&plaintext, &marking->v_iter);
2132
+ _mongocrypt_buffer_from_iter(&plaintext, &marking->u.fle1.v_iter);
1955
2133
  ciphertext->data.len = fle1->get_ciphertext_len(plaintext.len, status);
1956
2134
  if (ciphertext->data.len == 0) {
1957
2135
  goto fail;
@@ -1962,7 +2140,7 @@ static bool _mongocrypt_fle1_marking_to_ciphertext(_mongocrypt_key_broker_t *kb,
1962
2140
  ciphertext->data.owned = true;
1963
2141
 
1964
2142
  BSON_ASSERT(kb->crypt);
1965
- switch (marking->algorithm) {
2143
+ switch (marking->u.fle1.algorithm) {
1966
2144
  case MONGOCRYPT_ENCRYPTION_ALGORITHM_DETERMINISTIC:
1967
2145
  /* Use deterministic encryption. */
1968
2146
  _mongocrypt_buffer_resize(&iv, MONGOCRYPT_IV_LEN);
@@ -2037,11 +2215,11 @@ bool _mongocrypt_marking_to_ciphertext(void *ctx,
2037
2215
 
2038
2216
  switch (marking->type) {
2039
2217
  case MONGOCRYPT_MARKING_FLE2_ENCRYPTION:
2040
- switch (marking->fle2.algorithm) {
2218
+ switch (marking->u.fle2.algorithm) {
2041
2219
  case MONGOCRYPT_FLE2_ALGORITHM_UNINDEXED:
2042
2220
  return _mongocrypt_fle2_placeholder_to_FLE2UnindexedEncryptedValue(kb, marking, ciphertext, status);
2043
2221
  case MONGOCRYPT_FLE2_ALGORITHM_RANGE:
2044
- switch (marking->fle2.type) {
2222
+ switch (marking->u.fle2.type) {
2045
2223
  case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT:
2046
2224
  return _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange(kb,
2047
2225
  marking,
@@ -2049,17 +2227,28 @@ bool _mongocrypt_marking_to_ciphertext(void *ctx,
2049
2227
  status);
2050
2228
  case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND:
2051
2229
  return _mongocrypt_fle2_placeholder_to_find_ciphertextForRange(kb, marking, ciphertext, status);
2052
- default: CLIENT_ERR("unexpected fle2 type: %d", (int)marking->fle2.type); return false;
2230
+ default: CLIENT_ERR("unexpected fle2 type: %d", (int)marking->u.fle2.type); return false;
2053
2231
  }
2054
2232
  case MONGOCRYPT_FLE2_ALGORITHM_EQUALITY:
2055
- switch (marking->fle2.type) {
2233
+ switch (marking->u.fle2.type) {
2056
2234
  case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT:
2057
2235
  return _mongocrypt_fle2_placeholder_to_insert_update_ciphertext(kb, marking, ciphertext, status);
2058
2236
  case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND:
2059
2237
  return _mongocrypt_fle2_placeholder_to_find_ciphertext(kb, marking, ciphertext, status);
2060
- default: CLIENT_ERR("unexpected fle2 type: %d", (int)marking->fle2.type); return false;
2238
+ default: CLIENT_ERR("unexpected fle2 type: %d", (int)marking->u.fle2.type); return false;
2239
+ }
2240
+ case MONGOCRYPT_FLE2_ALGORITHM_TEXT_SEARCH:
2241
+ switch (marking->u.fle2.type) {
2242
+ case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT:
2243
+ return _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForTextSearch(kb,
2244
+ marking,
2245
+ ciphertext,
2246
+ status);
2247
+ case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND:
2248
+ return _mongocrypt_fle2_placeholder_to_find_ciphertextForTextSearch(kb, marking, ciphertext, status);
2249
+ default: CLIENT_ERR("unexpected fle2 type: %d", (int)marking->u.fle2.type); return false;
2061
2250
  }
2062
- default: CLIENT_ERR("unexpected algorithm: %d", (int)marking->algorithm); return false;
2251
+ default: CLIENT_ERR("unexpected algorithm: %d", (int)marking->u.fle1.algorithm); return false;
2063
2252
  }
2064
2253
  case MONGOCRYPT_MARKING_FLE1_BY_ID:
2065
2254
  case MONGOCRYPT_MARKING_FLE1_BY_ALTNAME: